The default behavior of WKWebView is to raise a cross origin exception when loading files from the main bundle using the file protocol - "file://". This plugin works around this shortcoming by loading files via native code if the web view's current location has "file" protocol and the target URL passed to the open method of the XMLHttpRequest is relative. As a security measure, the plugin verifies that the standardized path of the target URL is within the "www" folder of the application's main bundle.
Since the application's starting page is loaded from the device's file system, all XHR requests to remote endpoints are considered cross origin. For such requests, WKWebView specifies "null" as the value of the Origin header, which will be rejected by endpoints that are configured to disallow requests from the null origin. This plugin works around that issue by handling all remote requests at the native layer where the origin header will be excluded.

Installation

Plugin installation requires Cordova 10+ and iOS 9+.

cordova plugin add cordova-plugin-alpha-wkwebview-file-xhr-fix

Supported Platforms

Quick Example

// read local resource
var xhr = new XMLHttpRequest();
xhr.addEventListener("loadend", function (evt) {
  var data = this.responseText;
  document.getElementById("myregion").innerHtml = data;
});

xhr.open("GET", "js/views/customers.html");
xhr.send();

// post to remote endpoint
var xhr = new XMLHttpRequest();
xhr.addEventListener("loadend", function (evt) {
  var product = this.response;
  document.getElementById("productId").value = product.id;
  document.getElementById("productName").value = product.name;
});

xhr.open("POST", "https://myremote/endpoint/product");
xhr.responseType = "json";
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("Accept", "application/json");
xhr.send(JSON.stringify({ name: "Product 99" }));

Configuration

The following configuration options modify the default behavior of the plugin. The values are specified in config.xml as preferences:

AllowUntrustedCerts: on|off (default: off). If "on", requests routed to the native implementation will accept self signed SSL certificates. This preference should only be enabled for testing purposes.
InterceptRemoteRequests: all|secureOnly|httpOnly|none (default: secureOnly). Controls what types of remote XHR requests are intercepted and handled by the plugin. The plugin always intercepts requests with the file:// protocol. By default, the plugin will intercept only secure protocol requests ("https").
NativeXHRLogging: none|full (default: none). If "full" the javascript layer will produce logging of the XHR requests sent through the native to the javascript console. Note: natively routed XHR requests will not appear in the web inspector utility when "InterceptRemoteRequests" is "all" or "secureOnly".
NoS3Intercepts: true|false (default: false) If set true, any URL that includes "s3.amazonaws.com" will not be intercepted and handled by the plugin. Only valid if InterceptRemoteRequests is set to all, secureOnly or httpOnly.

This plugin has been modified from the original to sync cookies returned in the XHR header to the WKWebView.

Whilst this plugin resolves the main issues preventing the use of the Apache Cordova WKWebView plugin, there are other known issues with that plugin.

Contributing

This is an open source project maintained by Oracle Corp. Pull Requests are currently not being accepted. See CONTRIBUTING for details.

Keywords

FAQs

What is cordova-plugin-alpha-wkwebview-file-xhr-fix?

Is cordova-plugin-alpha-wkwebview-file-xhr-fix well maintained?

Last updated on 31 Oct 2023

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

cordova-plugin-alpha-wkwebview-file-xhr-fix

cordova-plugin-alpha-wkwebview-file-xhr-fix 2.3.1