Search code examples
ioscordovaxmlhttprequestcorscordova-plugins

Cordova iOS error: Origin null is not allowed by Access-Control-Allow-Origin

I've upgraded my Cordova iOS app to the latest versions:

iOS 4.1.0
Cordova  6.0.0

And I've updated the plugins and also added the new WKWebView Engine plugin.

I've added my Content-Security-Policy to the index.html file:

<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' 'unsafe-inline' data:;connect-src 'self' https://mydomain/myservice/; plugin-types application/pdf">

My config.xml always contained:

<content src="index.html" />
<access origin="*" />

but I added 

<access origin="*.mydomain.*" />

for good measure.

I control the webserver the app is trying to connect to, and I have enabled CORS on it:

<httpProtocol>
    <customHeaders>
      <add name="Access-Control-Allow-Origin" value="*" />
    </customHeaders>
  </httpProtocol>

The server has a valid SSL certificate and all the calls to it are https://.

My plist in xCode has:

Allow Arbitrary Loads : Yes
Exception Domains
    [mydomain]
        NSIncludesSubdomains : Yes
        NSTemporaryExceptionAllowsInsecureHTTPLoads : YES
        NSTemporaryExceptionMinimumTLSVersion : TLSv1.1

I am building and running the app directly on to a device and using Safari Develop to view the error.

I have an Android version of this app, with its own updated base code, which works fine.

My further research indicated that it is the new WKWebView Engine plugin which is causing the problem. But the only suggestions I found about that are within Ionic forums, and I'm not using Ionic for this build.

Just to confirm, these are the error messages I'm getting from Safari in debug:

[Error] Failed to load resource: the server responded with a status of 405 (Method Not Allowed) ([my thing], line 0)
[Error] Failed to load resource: Origin null is not allowed by Access-Control-Allow-Origin. ([my thing], line 0)
[Error] XMLHttpRequest cannot load https://[mydomain]/[my service]/[my thing]. Origin null is not allowed by Access-Control-Allow-Origin.
Solution

  • @jcesarmobile was correct. Simply adding the httpProtocol to my web.config wasn't enough. I also had to add the following code to global.asax Application_BeginRequest:

    HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*")
    If HttpContext.Current.Request.HttpMethod.Equals("OPTIONS") Then
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "POST, PUT, DELETE")
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept")
        HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000")
        HttpContext.Current.Response.End()
    End If