rolinger commented on issue #897: URL: https://github.com/apache/cordova-ios/issues/897#issuecomment-1472728217
I am running into a similar issue that I think is related to this discussion, and its causing all kinds of headaches with our api server security: In an html template: `<img ng-src="https://example.com/image.png";>` - the url call does not include any headers such as `Origin` and `Referrer`. On Android, both are passed in the headers. However `<ng-include src="https://example.com/thisFile.txt";>` does pass the `Origin` header. Android passes both `Origin` and `Referrer` Because the `Origin` header is required on our server, all images being loaded from our server are being blocked forcing us to rewrite all standard `<img ng-src="{{imageUrl}}">` calls to retrieve the image via `$http.get()` like: ``` <img data-ng-src="{{someImage}}" ng-init="getImage(imageUrl)"> $scope.getImage = function(url) { $http.get(url).then(function(response) { $scope.someImage = response.data ; }) ; } ``` We don't have to add any additional headers because on iOS `$http.get` is native adds the `Origin` header. On Android, it adds `Origin` and `Referrer`. This is not ideal; besides having to rewrite tons of `<img>` tags the file loads are slower. We are also coming through the rest of our code to to look for any other type of `src` call and having to test what that call looks like. If others are doing the same as the `<img ng-src>` then we will have to rewrite those too. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
![https://example.com/image.png"](https://example.com/image.png"){kind=link}