IE7 Prevents Cross Domain Image Loading?

OK, so here’s the story…

About a week ago, I started working with a client on an issue that seems to have recently manifested itself.  An image on a web page would not load in the page.  Yet, if you accessed the image directly, it would load.  This same image loads fine in all of the other browsers except for IE7.  Further, as far as anyone can remember, it has loaded fine in IE7 in the past.

So, the first question one has to ask in a situation like this is, what is unique about the image being loaded.  Turns out there are two things.  First, the image is being served by .NET so that we can store and retrieve the image in a database.  Second, it is being retrieved from another domain.

Fortunately, in our case, we control both domains.  So, I recommended creating a subdomain of the domain the web page is loading from and aliasing it to the domain we were trying to get the images from on a hunch that this was a cross domain security issue.

Sure enough that fixed the problem for us.

So, anyone else run into this issue?

Anyone have a solution that doesn’t require the images and the page being on the same domain?

Most Commented Post

3 Responses to “IE7 Prevents Cross Domain Image Loading?”

  • ty:

    I have the exact same problem…it works on every IE7 ive tried (10-15 other computers in several locations) except this one clients. In the source view the img tags are just magically gone…which leads me to believe there is some other program out there catching and re-writing the source before it gets to IE7.
    Let me know if you figure out whats causing it and Ill do the same. Good luck!

  • Joel:

    The problem is with privacy settings. If you double-click on the little “Eye” icon at the bottom of IE7 (which you may not even know existed), you will see that it’s blocking the images due to privacy concerns. We ran into this problem at my last employer when we went to a dedicated hosted server to host our clients’ websites as opposed to the shared hosting plans we had been using up until then. Suddenly none of the pictures from the individual sites would load in the website administration page, which had a master URL for all of our clients where they could go to manage their websites!

    Turns out our previous hosts’ web servers were configured to return host headers that we had to configure ourselves in IIS on our new server. We set it server-wide, and that was 3 years ago, so I don’t remember the exact settings, but basically IE7 won’t allow cross-domain images to be loaded from a web server that isn’t providing a privacy policy. It doesn’t matter what your privacy policy is, there just has to be one. I think there’s a privacy policy that you can return that’s something like, “to be implemented” or “non-binding, we’re reporting something but don’t hold us to it”. You just need to have something.

  • Dave:

    Thanks,

    I’ll pass it on. Been a while since I got bit by P3P, and I’m relatively sure that all the code at this organization has a P3P header. But, maybe they missed it.