Internet Explorer 8 can now block the IWebBrowser::Navigate or the IWebBrowser2::Navigate2 navigation request if the request is redirected to a different host. An update is now available to enable this new feature. The update adds a navBlockRedirectsXDomain flag that enables callers to opt into this security mitigation. Additionally, the update adds a DWebBrowserEvents2::RedirectXDomainBlocked event to detect any navigation request that is blocked.
This feature enables you to prevent cross-domain headers being sent together with redirected navigation requests. The feature detects blocked navigation requests through the DWebBrowserEvents2::RedirectXDomainBlocked event, and then calls the IWebBrowser2::Navigate2 navigation request again by using the redirected URL that is obtained from the event. However, when the navigation request is called again, the navigation call does not include cross-domain headers.
Note When the navigation request is directed to a URL that has the target property set to �_blank,� cross-domain headers may be sent together with redirected navigation requests.
Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.