2.3.1 • Public • Published

cordova-plugin-alpha-wkwebview-file-xhr-fix 2.3.1

About the cordova-plugin-alpha-wkwebview-file-xhr-fix

This plugin is based on the cordova-plugin-wkwebview-file-xhr plugin and has been modified to work with Cordova iOS 6.2.0+ and Alpha Anywhere.

This plugin makes it possible to reap the performance benefits of using the WKWebView in your Cordova app by resolving the following issues:

  • The default behavior of WKWebView is to raise a cross origin exception when loading files from the main bundle using the file protocol - "file://". This plugin works around this shortcoming by loading files via native code if the web view's current location has "file" protocol and the target URL passed to the open method of the XMLHttpRequest is relative. As a security measure, the plugin verifies that the standardized path of the target URL is within the "www" folder of the application's main bundle.

  • Since the application's starting page is loaded from the device's file system, all XHR requests to remote endpoints are considered cross origin. For such requests, WKWebView specifies "null" as the value of the Origin header, which will be rejected by endpoints that are configured to disallow requests from the null origin. This plugin works around that issue by handling all remote requests at the native layer where the origin header will be excluded.


Plugin installation requires Cordova 10+ and iOS 9+.

cordova plugin add cordova-plugin-alpha-wkwebview-file-xhr-fix

Supported Platforms

  • iOS

Quick Example

// read local resource
var xhr = new XMLHttpRequest();
xhr.addEventListener("loadend", function (evt) {
  var data = this.responseText;
  document.getElementById("myregion").innerHtml = data;
});"GET", "js/views/customers.html");

// post to remote endpoint
var xhr = new XMLHttpRequest();
xhr.addEventListener("loadend", function (evt) {
  var product = this.response;
  document.getElementById("productId").value =;
  document.getElementById("productName").value =;
});"POST", "https://myremote/endpoint/product");
xhr.responseType = "json";
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("Accept", "application/json");
xhr.send(JSON.stringify({ name: "Product 99" }));


The following configuration options modify the default behavior of the plugin. The values are specified in config.xml as preferences:

  • AllowUntrustedCerts: on|off (default: off). If "on", requests routed to the native implementation will accept self signed SSL certificates. This preference should only be enabled for testing purposes.
  • InterceptRemoteRequests: all|secureOnly|httpOnly|none (default: secureOnly). Controls what types of remote XHR requests are intercepted and handled by the plugin. The plugin always intercepts requests with the file:// protocol. By default, the plugin will intercept only secure protocol requests ("https").
  • NativeXHRLogging: none|full (default: none). If "full" the javascript layer will produce logging of the XHR requests sent through the native to the javascript console. Note: natively routed XHR requests will not appear in the web inspector utility when "InterceptRemoteRequests" is "all" or "secureOnly".
  • NoS3Intercepts: true|false (default: false) If set true, any URL that includes "" will not be intercepted and handled by the plugin. Only valid if InterceptRemoteRequests is set to all, secureOnly or httpOnly.

This plugin has been modified from the original to sync cookies returned in the XHR header to the WKWebView.

Whilst this plugin resolves the main issues preventing the use of the Apache Cordova WKWebView plugin, there are other known issues with that plugin.




This is an open source project maintained by Oracle Corp. Pull Requests are currently not being accepted. See CONTRIBUTING for details.


Copyright (c) 2018 Oracle and/or its affiliates The Universal Permissive License (UPL), Version 1.0

Package Sidebar


npm i cordova-plugin-alpha-wkwebview-file-xhr-fix

Weekly Downloads






Unpacked Size

146 kB

Total Files


Last publish


  • rem-alpha