On a website I am working on there is a cross domain AJAX (specifically a CORS call using an OPTIONS HTTP method) getting fired up but getting nowhere, the error I was getting in the browser was marked as


It looked like the AJAX call was not getting refused by the receiving server, but was not even leaving my computer: looking at the XHR call made in the browser inspector, we could tell only Provisional Headers were getting sent.

We wasted a lot of time around this, trying to figure out what was wrong, mainly thinking it was something to do with how the AJAX call had been setup, but we always had a suspicion about any software blocking my outgoing call.

I am on a Mac with OS X Mavericks and I don’t have any antivirus and I checked that my firewall was turned off. I also disabled all ad blockers and any other Chrome addon, but the issue was also happening on safari, where I have no addons whatsoever, so we worked out it was definitely a computer issue rather than a browser issue. Then I stumbled upon this article that brightened my day and fixed my issue: the culprit was Cisco AnyConnect VPN Client! I discovered, reading the article, that a specific installation option, Web Security, was the reason why those calls were getting stopped.

Web Security option on CiscoAnyconnect VPN

Web Security option on CiscoAnyconnect VPN

So I went and removed CiscoAnyconnect from Applications, then followed these instructions to really make sure it was removed http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116080-productqanda-vpnclients-00.html#anc3 but in particular, I executed this command

sudo /opt/cisco/anyconnect/bin/websecurity_uninstall.sh

(found on this Apple thread https://discussions.apple.com/thread/3507331)

The idea is to then being able to re-install CiscoAnyconnect VPN remembering to untick the Web Security option, but I have not done that for now as I don’t need it, but Ben Nadel has as explained here http://www.bennadel.com/blog/2559-cisco-anyconnect-vpn-client-may-block-cors-ajax-options-requests.htm