Comments (6)
origin
request header is part of the CORS
protocol. The CORS spec leaves it up to the user agent to add it to request headers or not, the only requirement is that the header must be sent if the user agent is making a "CORS" request, and the WKWebView does just that.
As for the Referrer-Policy, there's a open feature request for wkwebview to support it, so I'm guessing that's not something WKWebView actually supports?
from cordova-ios.
@breautek I am a bit confused by your response. Could you clarify please? Are you saying the WKWebView does send the header if the browser is making a CORS request...so I am interpreting this to mean that an iFrame is not making a CORS request? Is there any method to get the iFrame to send origin or referrer then? If WKWebView doesn't support referrerpolicy
directly in the iframe element then I am assuming there is no method to get an iframe to send origin or referrer....true?
from cordova-ios.
Could you clarify please? Are you saying the WKWebView does send the header if the browser is making a CORS request...so I am interpreting this to mean that an iFrame is not making a CORS request?
You're understanding is correct, but honestly iframe
sometimes have behaviour than other kinds of request, so with iframes specifically I don't know how that is handled. But generally speaking (like for image requests, XHR/fetch requests, or other resource requests will only send the origin
header if the browser ends up making a CORS request. Some other browsers may always send the origin
header but you can't really rely on this behaviour, and the WKWebView is one webview that I know will only send the header if it's actually making a CORS request.
Is there any method to get the iFrame to send origin or referrer then?
There is a crossorigin attribute that tells the browser to make a CORS request for that resource, but iframe
doesn't appear to be in the list of supported tags, so this leads me to believe that because an iframe acts as a sub-document it doesn't become a CORS request, ever. I do know there are other iframe policies that can be set
If WKWebView doesn't support referrerpolicy directly in the iframe element then I am assuming there is no method to get an iframe to send origin or referrer....true?
Here's something you can try... the iframe tag/object appears to have a referrer property itself, instead of trying to set it via the meta tag. That's supposedly supported on iOS 13+, but it's important to understand that Safari on iOS
represents the Safari browser app, and not WKWebView
and they are not necessarily the same. See the MDN docs on the referrerpolicy
attribute.
Based on your given config I think the equivilant would be:
<iframe src="..." referrerpolicy="origin" />
If that works, you'll probably want to bump your minimum supported iOS to 13, as Cordova defaults to 11.
If it doesn't work, then I think you're out of luck unfortunately. This isn't something that Cordova can control, as it's controlled by the webview itself.
from cordova-ios.
@breautek - thanks for the clarification. The referrerpolicy="origin"
does not work, as stated in my OP. The next thing I am going to try to do an XHR load of the document where I can control the CORS and then load that into <iframe srcdoc="(XHR content)" ...>
from cordova-ios.
The referrerpolicy="origin" does not work,
Ah yah, I missed that, my apologies.
The next thing I am going to try to do an XHR load of the document where I can control the CORS and then load that into <iframe srcdoc="(XHR content)" ...>
Not quite sure what kind of kind of limitations that may impose but XHR if it's going to an origin other than the cordova document, then it should trigger a CORS request, so I'd suspect that to work in terms of having the origin
header sent.
from cordova-ios.
For anyone who comes across this issue, I found a solution that side loads a document into an iFrame using an XHR (ie: $http.get()
) to pass the needed CORS values to my backend server. This CORS request sends the origin
(which my server requires) and successfully retrieves the html document:
$http.get(url)
.then(function(response) {
$scope.urlHTML = $sce.trustAsHtml(response.data) ;
}) '
Then I am able to bind the html document to the iFrame:
<iframe ng-attr-srcdoc="{{urlHTML}}"></iframe>
A full SO is listed here: https://stackoverflow.com/questions/77160980/angularjs-http-document-load-into-an-iframe
from cordova-ios.
Related Issues (20)
- Loading HTML from the data directory with WKWebView results in an error HOT 1
- Cannot read property 'name' of undefined xcode@15 ios17
- Cannot read property 'name' of undefined xcode@15 ios17 HOT 2
- Webview Serving HOT 2
- Xcode 15.0: The iOS Simulator deployment target 'IPHONEOS_DEPLOYMENT_TARGET' is set to 11.0, but the range of supported deployment target versions is 12.0 to 17.0.99. HOT 15
- Allow to configure a default simulator instead of always using --target on `cordova run` HOT 1
- Failing to broadcast 'pause' event when app enters background
- xcodebuild was not found. After upgrading to Cordova 7.0.1 from Cordova 6.1.0 HOT 3
- warning: The iOS deployment target 'IPHONEOS_DEPLOYMENT_TARGET' is set to 9.0, but the range of supported deployment target versions is 12.0 to 17.0.99 HOT 2
- Unable to configure icons for Catalyst
- Undefined symbols on Xcode HOT 3
- Version 17 breaks podfile with deployment-target HOT 2
- 每次从后台进入前台UIApplicationDidBecomeActiveNotification这个方法执行有问题 HOT 1
- Cordova was listed on the list of requirements for third-party SDKs announced by Apple today. HOT 50
- Failed to verify code signature of some framework and cannot install on device HOT 3
- (Black screen) when App Reload is triggered on iPhones with Notch:
- Console.log is not displayed in the safari terminal, but is displayed in the Xcode console HOT 1
- App stuck on splash screen on ios 16+ HOT 5
- Cordova iOS How to inject local cordova.js to remote H5 calls. HOT 1
- Gamepad API does not work (WKWebView needs to be firstResponder?) HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cordova-ios.