Article ID: 2510633 - View products that this article applies to.
Internet Explorer 8 can now block the IWebBrowser::Navigate or the IWebBrowser2::Navigate2 navigation request if the request is redirected to a different host. An update is now available to enable this new feature. The update adds a navBlockRedirectsXDomain flag that enables callers to opt into this security mitigation. Additionally, the update adds a DWebBrowserEvents2::RedirectXDomainBlocked event to detect any navigation request that is blocked.
This feature enables you to prevent cross-domain headers being sent together with redirected navigation requests. The feature detects blocked navigation requests through the DWebBrowserEvents2::RedirectXDomainBlocked event, and then calls the IWebBrowser2::Navigate2 navigation request again by using the redirected URL that is obtained from the event. However, when the navigation request is called again, the navigation call does not include cross-domain headers.
Note When the navigation request is directed to a URL that has the target property set to “_blank,” cross-domain headers may be sent together with redirected navigation requests.
Security update informationTo resolve this problem, install the most recent cumulative security update for Windows Internet Explorer. To do this, visit the following Microsoft website:
http://update.microsoft.comFor more technical information about the most recent cumulative security update for Windows Internet Explorer, visit the following Microsoft website:
http://www.microsoft.com/technet/security/current.aspxNote This update was first included in security update 2497640 (MS11-018). For more information, click the following article number to view the article in the Microsoft Knowledge Base:
2497640For more information about the IWebBrowser2 interface, visit the following Microsoft Developer Network (MSDN) website:
(http://support.microsoft.com/kb/2497640/ )MS11-018: Cumulative Security Update for Internet Explorer
General information about the IWebBrowser2 interfaceFor more information about BrowserNavConstants enumeration, visit the following Microsoft Developer Network (MSDN) website:
General information about BrowserNavConstants enumerationFor more information about the target DHTML property, visit the following Microsoft Developer Network (MSDN) website:
General information about the target DHTML property