Treesaver fails in IE when particular security options are disabled

[sop]

I haven't yet investigated whether this issue is possible to be fixed, but i'd like to inform in case someone runs into similar problems.

In IE options, Advanced tab, under Security, there's following flags:

• Enable native XMLHTTP support
• Enable DOM Storage

In IE8, both checkboxes must be checked in order for Treesaver to work.
In IE9, XMLHTTP support seems irrelevant, but DOM Storage must be enabled.

With XMLHTTP disabled, loading fails at treesaver.network.get, apparently XMLHttpRequest is not declared. I recall IE has it's own alternative implementation of ajax, Msxml2.XMLHTTP or something, maybe this would be something to look into to provide a fallback implementation.

With DOM Storage disabled, loading fails with javascript error Error: Unable to get value of the property 'getItem': object is null or undefined. I guess it's clear that window.localStorage and window.sessionStorage are not available.

Oh, and this is in 0.9.2.

[bramstein]

Just to verify, these options are enabled by default, right? I agree that we should fail gracefully when they are disabled. We'll need to figure out why the feature detection does not work.

[sop]

Yes, they are enabled by default. We actually have several potential customers that currently have problems with this due to their organizational browser policies.
I'm pretty sure though normal user wouldn't ever change those configurations, but "security aware" companies tend to tighten everything even remotely security related, no matter whether it's even necessary.