[
https://issues.apache.org/jira/browse/CB-1406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13466193#comment-13466193
]
Jochen Magnus edited comment on CB-1406 at 9/29/12 11:13 PM:
-------------------------------------------------------------
I made some further tests and found that the problem with XHR requests in
webworkers in a native app is caused by the Same Origin Policy (SOP). This only
happens with iOS 6 not with iOS 5.
With the remote debugger which is newly available in Safari 6 for iOS 6 apps
the console shows: "XMLHttpRequest cannot load
http://live.rhein-zeitung.de/test.txt. Origin file:// is not allowed by
Access-Control-Allow-Origin."
I enhanced my test case so it could now load alternatively by XHR in the main
applications thread or by XHR via webworker. No problem occurs in the first
case, but the SOP security issue happens in the second case, because there is
"Origin" HTTP header field witch contains "file://" (in the first case, there
seems to be no such header field).
A workaround is to allow Cross Domain Scripting in the webservers config (for
Apache webserver add "Header add Access-Control-Allow-Origin file://" to the
config), but this may be a security problem. I tested it, but I am unsure about
the security issue when allowing 'file://' or asterisk.
So I would prefer a "real" solution.
was (Author: ioma):
I made some further tests and found that the problem with XHR requests in
webworkers in a native app is caused by the Same Origin Policy (SOP). This only
happens with iOS 6 not with iOS 5.
With the remote debugger which is newly available in Safari 6 for iOS 6 apps
the console shows: "XMLHttpRequest cannot load
http://live.rhein-zeitung.de/test.txt. Origin file:// is not allowed by
Access-Control-Allow-Origin."
I enhanced my test case so it could now load alternatively by XHR in the main
applications thread or by XHR via webworker. No problem occurs in the first
case, but the SOP security issue happens in the second case, because there is
"Origin" HTTP header field witch contains "file://" (in the first case, there
seems to be no such header field).
A workaround is to allow Cross Domain Scripting in the webservers config (for
Apache webserver add "Header add Access-Control-Allow-Origin *" to the config),
but this may be a security problem. I tested it, but I am unsure about the
security issue when allowing '*' or 'file://'.
So I would prefer a "real" solution.
> HTTP-Get via XHR in Web Workers always return status 0 under iOS 6 (Beta 4)
> ---------------------------------------------------------------------------
>
> Key: CB-1406
> URL: https://issues.apache.org/jira/browse/CB-1406
> Project: Apache Cordova
> Issue Type: Bug
> Components: iOS
> Affects Versions: 2.1.0
> Environment: all iOS devices and simulators
> Reporter: Jochen Magnus
> Assignee: Michal Mocny
> Labels: HTTP, WebWorker, XHR
> Fix For: 2.2.0
>
> Attachments: testworker.js, workertest2.tar.bz2, workertest.html,
> xhr_tests.png
>
>
> HTTPRequests in the Web Workers ending always with http.readyState==4
> (that's the ready state) but with http.status==0, which is an undefined
> status (normal is 200 for "o.k."). The file is requested from and fully
> deliverd by the webserver.
> This happens under iOS 6 Beta 4 but not under iOS 5.x where the same app with
> the same Cordova version works well.
> The problem did not occur with XHR in the native programs main thread nor in
> non-native HTML5-apps (WebApps without the use of Cordova).
> A Xcode test project is available.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
