[GitHub] [cordova-ios] breautek commented on issue #1299: XMLHttpRequest CORS issue on read remote file (image)

Mon, 20 Mar 2023 17:42:09 -0700 


breautek commented on issue #1299:
URL: https://github.com/apache/cordova-ios/issues/1299#issuecomment-1477133467

   > Thanks for your support... talking about the request from my app to my 
server to a file php there isn't problem because this is my php code:
   > 
   > ```
   > <?php
   > header('Access-Control-Allow-Origin: *');
   > ...
   > ```
   > 
   > my problem is only when I want read an image file to download... as 
example: https://www.mySite.xx/img/logo.jpg https://www.mySite.xx/img/img1.jpg 
https://www.mySite.xx/img/img2.png ... ecc
   > 
   > in this case how I can do to not have CORS problem?... I can't write in a 
binary file...
   
   If you're responding with the header `Access-Control-Allow-Origin: *` on 
both the `GET` and the `OPTIONS` requests and it still isn't working with the 
native XMLHttpRequest/fetch APIs, then you might be hitting an issue I 
mentioned:
   
   > I've had issues with this method on older iOS devices however (pre iOS 
10). I haven't actually tested if it works properly on iOS 11+.
   
   I know for certain that iOS 10 and earlier didn't properly support 
wildcards, and based on what you're telling me that might still be the case 
with current iOS versions. If that's the situation then the proper solution 
would be to return the domain as read from the `Origin` request header, which 
would simulate a wildcard behaviour.
   
   > Install 
[cordova-plugin-wkwebview-file-xhr](https://github.com/oracle/cordova-plugin-wkwebview-file-xhr)
 and 
[cordova-plugin-wkwebviewxhrfix](https://github.com/TheMattRay/cordova-plugin-wkwebviewxhrfix)
 plugins
   
   Using these plugins can work as well. They generally work by overwriting the 
browser's HTTP apis so that requests are made using the native HTTP layer 
rather than the browser's HTTP layer. This works because the native device HTTP 
APIs are not bounded by CORs since CORs is a browser concept. However, this is 
working around CORs instead of being CORS compliant.
   
   If this is the solution you have decided to go with however, I'll close this 
issue.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to