breautek commented on issue #1297:
URL: https://github.com/apache/cordova-ios/issues/1297#issuecomment-1472858472

   A note on standard browser features... Cordova has limited control over 
browser features. If webview `fetch` or `XMLHttpRequest` is behaving a certain 
way, it's unlikely that Cordova can do anything to influence whatever behaviour 
is implemented by the webview.
   
   While Safari is based off of `WKWebView`, they are two different products 
and may have slight differences of behaviour.
   
   Like dpogue said, a client generally only sends the `Origin` header if it's 
making a CORS request. The `Origin` header is required on CORS requests, but is 
optional otherwise. Resource and page navigations are generally not CORS 
requests and thus it is up to the user agent if they want to still include the 
`Origin` header.
   
   Images for example are supposed to have a 
[no-cors](https://developer.mozilla.org/en-US/docs/Web/API/HTMLImageElement/crossOrigin)
 default fetch mode, according to MDN. Safari might be breaking this rule 
because the [spec](https://fetch.spec.whatwg.org/#concept-request-mode) also 
discourages the `no-cors` defaults.
   
   Anyway, you can try using `crossorigin="anonymous"` attribute on your image 
tags, which should explicitly state that the resource **should** be a CORS 
request, and thus the `Origin` header should be sent.
   
   `anonymous` means the image will be fetched using a CORS request but without 
credentials (e.g. no cookies, or `Authorization` header). See 
[MDN](https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/crossorigin) 
for more information.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
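
Added example, not part of the comment above or of Cordova's code: a simplified model of how the HTML and Fetch specifications treat an `<img>` request depending on its `crossorigin` attribute. The function names and the `example` URLs are assumptions made for illustration, and the model describes the specifications, not measured WKWebView or Safari behaviour.

```javascript
// Added example: models the spec rules for <img> fetches (always GET).

// Map the crossorigin attribute to request mode and credentials mode.
// attr === null means the attribute is absent from the tag.
function imageRequestSettings(attr) {
  if (attr === null) return { mode: 'no-cors', credentials: 'include' };
  if (attr.toLowerCase() === 'use-credentials') {
    return { mode: 'cors', credentials: 'include' };
  }
  // "anonymous", the empty string and any invalid value mean Anonymous.
  return { mode: 'cors', credentials: 'same-origin' };
}

// Same origin = same scheme, host and port (URL.host includes the port).
function sameOrigin(a, b) {
  const x = new URL(a);
  const y = new URL(b);
  return x.protocol === y.protocol && x.host === y.host;
}

function describeImageFetch(pageUrl, imgUrl, crossoriginAttr) {
  const { mode, credentials } = imageRequestSettings(crossoriginAttr);
  const same = sameOrigin(pageUrl, imgUrl);
  return {
    mode,
    // For a GET, the spec attaches Origin only to a cross-origin cors request.
    originHeaderRequired: mode === 'cors' && !same,
    // "same-origin" credentials are withheld from cross-origin targets.
    sendsCredentials: credentials === 'include' || same,
    // A cross-origin cors response is usable only if the server opts in
    // with Access-Control-Allow-Origin.
    needsServerOptIn: mode === 'cors' && !same,
  };
}

// Constructed sample URLs, not taken from the issue.
const PAGE = 'https://app.example/index.html';
const IMG = 'https://cdn.example/logo.png';

function demo() {
  return [null, 'anonymous', 'use-credentials'].map((attr) => ({
    crossorigin: attr,
    ...describeImageFetch(PAGE, IMG, attr),
  }));
}

console.table(demo());
```

A server that keys an allowlist on `Origin` should therefore expect the header to be absent on plain image requests and on same-origin requests.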
