cordova-ios icon indicating copy to clipboard operation
cordova-ios copied to clipboard
verified publisher icon apache

origin is null for requests sent with window.fetch on WKWebView engine

Open StaymanHou opened this issue 5 years ago • 8 comments

Issue Type

  • [ ] Bug Report
  • [ ] Feature Request
  • [x] Support Question

Description

I'm attempting to upgrade cordova-ios from 5.1.1 to 6.0.0 for a project. At the same time, I'm also trying to migrate from uiwebview to wkwebview since that's the new default. And uiwebview is going to be deprecated anyways.

Following the release note, I've managed to get the standard xhr working by setting the scheme and hostname preferences in config.xml

However the requests sent with window.fetch still have the origin set to null despite the custom scheme configuration.

Is that the expected behavior, and I will have to migrate to some other plugin to replace the window.fetch functionality? Is there something else that I'm missing?

StaymanHou avatar Jun 11 '20 15:06 StaymanHou

This sounds like a wkwebview issue if it works with standard XMLHttpRequest but not with fetch.

breautek avatar Jun 11 '20 15:06 breautek

My wild guess is wkwebview is treating the request as a tainted origin, which I believe only does this on the fetch api. If the origin is considered tainted, then the origin becomes null, according to the Fetch spec.

https://fetch.spec.whatwg.org/#serializing-a-request-origin

But I don't know what qualifies as a tainted origin...

breautek avatar Jun 11 '20 16:06 breautek

Managed to workaround that by using https://github.com/aporat/cordova-plugin-fetch

Still would love to figure out the cause when get a chance, but the fetch plugin by @aporat would do it for now.

StaymanHou avatar Jun 12 '20 12:06 StaymanHou

Same problem when the axios is used.

75341704 avatar Jun 29 '20 18:06 75341704

same problem here with axios as well, occurs only with cordova-ios v > 6:

Failed to load resource: Origin null is not allowed by Access-Control-Allow-Origin.

Not reproduced with cordova-ios 5.1.1, the origin header does not appear at all in the request.

jony89 avatar Sep 22 '20 17:09 jony89

in CordovaLib/Classes/Private/Plugins/CDVWebViewEngine/CDVWebViewEngine.m after WKWebViewConfiguration* configuration = [[WKWebViewConfiguration alloc] init]; add [configuration setValue:@"TRUE" forKey:@"allowUniversalAccessFromFileURLs"]; can fix api fail

micro-sugar avatar Oct 27 '20 03:10 micro-sugar

Same problem when the axios is used.

gaollard avatar Nov 07 '20 07:11 gaollard

Here are some links that may or may not be relevant for this issue:

  • https://ionicframework.com/docs/v3/wkwebview/#cors
  • https://github.com/oracle/cordova-plugin-wkwebview-file-xhr
  • https://github.com/Raphcal/cordova-plugin-cors
  • https://stackoverflow.com/questions/39361771/wkwebview-origin-null-is-not-allowed-by-access-control-allow-origin

I am not sure what the proper fix is on the app side, I chose to enable (preflight) cors requests from the "null" origin on the server side.

adipascu avatar Nov 05 '21 19:11 adipascu