About the cordova-plugin-wkwebview-file-xhr
This plugin makes it possible to reap the performance benefits of using the WKWebView in your Cordova app by resolving the following issues:
The default behavior of WKWebView is to raise a cross origin exception when loading files from the main bundle using the file protocol - "file://". This plugin works around this shortcoming by loading files via native code if the web view's current location has "file" protocol and the target URL passed to the open method of the XMLHttpRequest is relative. As a security measure, the plugin verifies that the standardized path of the target URL is within the "www" folder of the application's main bundle or in the /Library path of the application data directory.
Since the application's starting page is loaded from the device's file system, all XHR requests to remote endpoints are considered cross origin. For such requests, WKWebView specifies "null" as the value of the Origin header, which will be rejected by endpoints that are configured to disallow requests from the null origin. This plugin works around that issue by handling all remote requests at the native layer where the origin header will be excluded.
Plugin installation requires Cordova 4+ and iOS 9+. It will install the Apache Cordova WKWebView plugin
cordova plugin add cordova-plugin-wkwebview-file-xhr
// read local resourcevar xhr = ;xhr;xhr;xhr;// post to remote endpointvar xhr = ;xhr;xhr;xhrresponseType = "json";xhr;xhr;xhr;
The following configuration options modify the default behavior of the plugin. The values are specified in config.xml as preferences:
- AllowUntrustedCerts: on|off (default: off). If "on", requests routed to the native implementation will accept self signed SSL certificates. This preference should only be enabled for testing purposes.
- InterceptRemoteRequests: all|secureOnly|none (default: secureOnly). Controls what types of remote XHR requests are intercepted and handled by the plugin. The plugin always intercepts requests with the file:// protocol. By default, the plugin will intercept only secure protocol requests ("https").
Whilst this plugin resolves the main issues preventing the use of the Apache Cordova WKWebView plugin, there are other known issues with that plugin.
This is an open source project maintained by Oracle Corp. Pull Requests are currently not being accepted. See CONTRIBUTING for details.
Copyright (c) 2018 Oracle and/or its affiliates The Universal Permissive License (UPL), Version 1.0