Description
Bug Report
Describe the Bug
We, I and other Ionites, noticed that https requests on iOS v12 are failing respectively never reach our backends. Some are facing preflight error or typical CORS errors but in any case, requests aren't reaching our backend.
When it comes to me, I could confirm that my app is productive and the fact that this error only occurs on iOS >= v12
Errors
In Xcode 10 Beta I get the following error:
{“headers”:{“normalizedNames”:{},“lazyUpdate”:null,“headers”:{}},“status”:0,“statusText”:“Unknown Error”,“url”:null,“ok”:false,“name”:“HttpErrorResponse”,“message”:“Http failure response for (unknown url): 0 Unknown Error”,“error”:{“isTrusted”:true}}
I added so much log I could on my backend API side, unfortunately nothing was parsed, it looks like nothin reach it
Report
I have reported my problem to Apple too. Can't tell if it's an iOS v12 bug or an improvement which should be developed in the WkWebView plugin in order to be compatible for v12, therefore I allowed my self to open this issue
Other resources
Discussion on the Ionic forum: https://forum.ionicframework.com/t/ios-12-beta-preflight-requests-fail/132177/9
Open radar about a similaire issue: https://openradar.appspot.com/radar?id=4959044250894336
Stackoverflow: https://stackoverflow.com/questions/50707146/ios-v12-https-requests-errors
Version
cordova-plugin-ionic-webview: 1.2.1
ionic-angular: 3.9.2
angular/http: 5.0.0
node: 10.2.1
Note
It fails with any https requests but if you need a repo to reproduce the problem, sure let me know, I will take the time if needed
Node / Express
I set the following headers in my backend, which like I said, works find till iOS < v12
var allowedOrigins = ["https://example.com", "http://ionic.local", "http://localhost:8080"];
var origin = req.headers.origin;
if(allowedOrigins.indexOf(origin) > -1){
res.setHeader('Access-Control-Allow-Origin', origin);
} else {
res.setHeader("Access-Control-Allow-Origin", "https://example.com");
}
res.header("Access-Control-Allow-Credentials", "true")
res.header("Access-Control-Allow-Headers", "Origin, Authorization, Content-Type, Content-Range, Content-Disposition, Content-Description, X-Requested-With, X-ACCESS_TOKEN");
res.header("Access-Control-Allow-Methods", "GET,PUT,POST");
Note: Even if I set res.setHeader('Access-Control-Allow-Origin', '*');
if won't work, really have the feeling the https query doesn't reach the backend, I did add some logging in that section of my backend but nothing was logged
Side note
On the same simulated device with iOS v12, I opened Safari and used my Angular web app to see if I was facing the same problem (in my web app I use angular http too the query the same backend) which actually wasn't the case, no problem there
Activity
mhartington commentedon Jun 6, 2018
@peterpeterparker Thanks for the issue! We'll be tracking this and keeping an eye on things.
WWDC builds of iOS tend to have quite a few bugs, so we'll need to keep checking this, as it could be a bug in this build of WKWebview
peterpeterparker commentedon Jun 6, 2018
@mhartington really nice to hear that, thx for the support 👍
Craytor commentedon Jun 8, 2018
Also, for the record, I can attest that this is indeed an issue. I really hope Apple is able to resolve it!
lassic commentedon Jun 11, 2018
Haven't tried iOS 12 yet, but I can say that from iOS > 11.3 WKWebView fails on
navigator.sendBeacon
to HTTPS. The same POST with XHR is successful (also HTTP is successful, it's a TLS issue).The client seems to break the connection right after the TLS handshake is complete.
and console shows "Failed HTTP authentication" error.
Interestingly, forcing the browser to preconnect with:
<link href='https://...' rel='preconnect' crossorigin/>
before callingsendBeacon
makes it succeed (seems that preconnect creates a valid TLS session that can then be reused).Wild guess, but perhaps XHR in iOS 12 is now reusing the same code that broke
sendBeacon
in > 11.3?Pittan commentedon Jun 12, 2018
I'm facing with the same issue.
I'm using just a WKWebView + Angular instead of ionic + cordova.
I think it is a bug for WKWebView in v12, too. No problem with Safari here.
sunderls commentedon Jun 12, 2018
run into this issue as well.
Same CORS settings works on iOS11
Serlight commentedon Jun 12, 2018
I test HTTP work well, but HTTPS run into this issue.
when post with form-data work well, if post with son-data, will run into this issue
mewehren commentedon Jun 12, 2018
IOS 12 beta2 fix it?
mhartington commentedon Jun 12, 2018
@peluqui2010 Beta 2 is not out yet.
@peterpeterparker Could you create a sample test project to test against? This way, as new beta's are released, we can test against some real code. We can also test this in mobile safari as well since that also uses wkwebview
peterpeterparker commentedon Jun 12, 2018
@mhartington sure I'll right now
Is it ok if I send you an invite to get the test project thru a private bitbucket repo? Not to difficult to find but still I would be happy to keep my productive api backend a bit under radar you know...
mhartington commentedon Jun 12, 2018
Sounds good. it's mahrtington on bitbucket as well.
peterpeterparker commentedon Jun 12, 2018
@mhartington I have build the same repo and invited you, let me know if everything is alright
IMPORTANT I discovered something really interesting while developing this sample repo, actually, Https GET queries are still fine with iOS v12 but I face problems with POST requests
GET = OK
POST = KO
Would be happy to hear if someone could confirm that
P.S.: I didn't tried PUT and DELETE
mhartington commentedon Jun 12, 2018
@peterpeterparker are you in the ionic slack? Got a few questions for you
peterpeterparker commentedon Jun 13, 2018
@mhartington don't think I'm now, you could send me an invite plz
31 remaining items