Thursday, November 10, 2016

iOS WKWebView security behavior

1. If the main html page is loaded over an https connection, then requests using the http scheme will be blocked, including XHR requests and script elements. Even if a new iframe is created, setting the iframe's src to an http URL will not load. However, https content can be loaded into an http html page.

2. When sending an XHR request to a server, the WKWebView didReceiveAuthenticationChallenge delegate method will only be called if the XHR request is sent to the same domain as the html DOM tree. If the XHR request is sent to a different domain, then didReceiveAuthenticationChallenge will not be called, and the 401 HTTP status code will be returned to the JS code. This also applies to iframes: the didReceiveAuthenticationChallenge delegate method will be called only if the XHR request is sent to the same domain as the iframe's main URL.

3. If the main html is loaded from a file URL (file://somelocalfilepath), then any XHR requests using file URLs to files in the same or a sub local folder will fail due to the cross-domain limit. However, this error can be avoided by setting the allowFileAccessFromFileURLs property in the WKWebView configuration as shown below:
[theConfiguration.preferences setValue:@YES forKey:@"allowFileAccessFromFileURLs"];

In addition, an XHR request to any remote server will be handled the same as a cross-domain XHR request, which requires the Access-Control-Allow-Origin header to be set, and will also not invoke the didReceiveAuthenticationChallenge method.

However, if an iframe is created in the file-URL html page, then the iframe can be set to a remote URL (http or https), and XHR requests inside the iframe to the iframe's own domain will work and will also receive the didReceiveAuthenticationChallenge callback.
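As an added example (not code from the original post) of how points 2 and 3 fit together: a hypothetical controller that enables allowFileAccessFromFileURLs, loads a local page, and answers didReceiveAuthenticationChallenge only for one expected host, since the callback only fires for same-domain requests anyway. The bundle layout (www/index.html), the host api.example.com and the credential placeholders are assumptions.

```objective-c
#import <UIKit/UIKit.h>
#import <WebKit/WebKit.h>

// Hypothetical controller: loads a local html page and answers Basic auth challenges for one host.
@interface LocalPageController : UIViewController <WKNavigationDelegate>
@property (nonatomic, strong) WKWebView *webView;
@end

@implementation LocalPageController
- (void)viewDidLoad {
    [super viewDidLoad];

    WKWebViewConfiguration *theConfiguration = [[WKWebViewConfiguration alloc] init];
    // Point 3: without this, file:// XHR to sibling local files fails as cross-domain.
    [theConfiguration.preferences setValue:@YES forKey:@"allowFileAccessFromFileURLs"];

    self.webView = [[WKWebView alloc] initWithFrame:self.view.bounds configuration:theConfiguration];
    self.webView.navigationDelegate = self;
    [self.view addSubview:self.webView];

    // Local page plus the directory its XHR requests may read from (assumed bundle layout www/index.html).
    NSURL *pageURL = [[NSBundle mainBundle] URLForResource:@"index" withExtension:@"html" subdirectory:@"www"];
    [self.webView loadFileURL:pageURL allowingReadAccessToURL:[pageURL URLByDeletingLastPathComponent]];
}

// Point 2: invoked only for requests to the same domain as the frame that issued them,
// so cross-domain XHR from the page never reaches this method (the JS just sees the 401).
- (void)webView:(WKWebView *)webView
    didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
    completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler {
    NSURLProtectionSpace *space = challenge.protectionSpace;
    BOOL isBasic = [space.authenticationMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic];
    BOOL isExpectedHost = [space.host isEqualToString:@"api.example.com"]; // assumed host
    BOOL isHTTPS = [space.protocol isEqualToString:NSURLProtectionSpaceHTTPS];

    // Send credentials only for Basic auth, over TLS, to the expected host, and only on the
    // first attempt: a retry means the server rejected them, so cancel instead of looping.
    if (isBasic && isExpectedHost && isHTTPS && challenge.previousFailureCount == 0) {
        NSURLCredential *cred = [NSURLCredential credentialWithUser:@"USER_PLACEHOLDER"
                                                           password:@"PASSWORD_PLACEHOLDER"
                                                        persistence:NSURLCredentialPersistenceForSession];
        completionHandler(NSURLSessionAuthChallengeUseCredential, cred);
    } else if (isBasic) {
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
    } else {
        // Server-trust and other challenge types: keep the system's default TLS validation.
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
    }
}
@end
```

In a real app the placeholder credentials would come from the keychain rather than the source file.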
