[TIMOB-27382] iOS: CORS Issue, origin of header is always null since SDK 8
| GitHub Issue | n/a |
|---|
| Type | Bug |
|---|
| Priority | None |
|---|
| Status | Closed |
|---|
| Resolution | Not Our Bug |
|---|
| Resolution Date | 2019-10-28T18:26:36.000+0000 |
|---|
| Affected Version/s | Release 8.0.2, Release 8.1.0 |
|---|
| Fix Version/s | n/a |
|---|
| Components | iOS |
|---|
| Labels | n/a |
|---|
| Reporter | Shuo Liang |
|---|
| Assignee | Unknown |
|---|
| Created | 2019-09-06T10:48:24.000+0000 |
|---|
| Updated | 2019-12-04T00:41:46.000+0000 |
|---|
Description
Problem Description:
As of SDK 8, any XMLHttpRequest performed inside a WebView from a file has a header of origin: null. This is a behavior that was not present in SDK 7 and only affects IOS. (It seems to be due to the change to WKWebview.)
We use the WebView in an authentication workflow where we have an intermediate HTML file with the necessary javascript to perform the redirections/progress the sign in. This is an HTML page in resources/www.
Due to the fact this header is now
A) Being set for seemingly all requests, even GET
B) is always null
This is breaking our authentication process and we cannot continue developing our application until it is fixed.
There does not appear to be any way to currently set this via titanium, there is also nothing in the documentation. We cannot set Access-Control-Allow-Origin * / null as this would pose a security risk server-side.
We need to be able to switch back to using UIWebview in the new SDK, the origin header dropped, or, the origin header has a correct value (https://localhost/.....).
Reproduce
1. Create a new alloy projet.
2. Add attached file.
3. Run the app to iOS device
4. Monitor network traffic so you can see the request headers (as per screenshot attached).
Attachments
No comments