You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by "Shazron Abdullah (JIRA)" <ji...@apache.org> on 2015/09/10 10:42:46 UTC
[jira] [Commented] (CB-7348) [WKWebView] pages that are loaded
using file:/// urls respect CORS
[ https://issues.apache.org/jira/browse/CB-7348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14738412#comment-14738412 ]
Shazron Abdullah commented on CB-7348:
--------------------------------------
Re-test this assumption with iOS 9. This was tested in the iOS 8 betas before they added the security restrictions on file urls.
> [WKWebView] pages that are loaded using file:/// urls respect CORS
> ------------------------------------------------------------------
>
> Key: CB-7348
> URL: https://issues.apache.org/jira/browse/CB-7348
> Project: Apache Cordova
> Issue Type: Sub-task
> Components: iOS
> Environment: iOS 8
> Reporter: Shazron Abdullah
> Assignee: Shazron Abdullah
> Labels: cordova-ios-4.0.x
>
> Not a complaint but an advisory, this is the opposite of what happens in a UIWebView, where a page loaded locally is not restricted to CORS and can do whatever it wants.
> Try xhr to a local server using: https://gist.github.com/enjalot/2904124
> Note that it works with the wildcard of course. By default, file:// urls give the Origin: header as null.
> The only solution is, the destination server MUST return the header "Access-Control-Allow-Origin" that matches the wildcard or "null".
> So what is the alternative? Run a local proxy. The PhoneGap Developer App does this transparently: https://github.com/phonegap/phonegap-app-developer by overriding XMLHttpRequest.open
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org