Menu
I have an iOS hybrid app centred around a WKWebView loading local web assets with loadFileURL. The WKWebView communicates over HTTPS to a backend API with jQuery.ajax. The app is mobile-only and I want the API to also be "mobile-only". That is, I want to block browsers such as Chrome and Firefox from using the API.
My strategy is to set the Access-Control-Allow-Origin header on API responses as follows:
Access-Control-Allow-Origin: app://myApp
Can I change the origin of the WKWebView to app://myApp to avoid browsers from querying the API?
633
WKWebView - This view allows developers to embed web content in your app. You can think of WKWebView as a stripped-down version of Safari. It is responsible to load a URL request and display the web content. WKWebView has the benefit of the Nitro JavaScript engine and offers more features.
Since then, we've recommended that you adopt WKWebView instead of UIWebView and WebView — both of which were formally deprecated. New apps containing these frameworks are no longer accepted by the App Store.
Overview. A WKWebView object is a platform-native view that you use to incorporate web content seamlessly into your app's UI. A web view supports a full web-browsing experience, and presents HTML, CSS, and JavaScript content alongside your app's native views.
You create a WKWebViewConfiguration object in your code, configure its properties, and pass it to the initializer of your WKWebView object. The web view incorporates your configuration settings only at creation time; you cannot change those settings dynamically later.
WKWebView was introduced in iOS 8 allowing app developers to implement a web browsing interface similar to that of mobile Safari. This is due, in part, to the fact that WKWebView uses the Nitro Javascript engine, the same engine used by mobile Safari.
You can replace the default UIWebView in your MobileFirst hybrid iOS Cordova app with WKWebView. With the latest iFix release IBM MobileFirst Platform Foundation V7.1.0 ( IF201905221643 ), you can integrate WKWebView with your hybrid iOS Cordova MobileFirst app.
WKWebView provides an improved WebView. WKWebView displays interactive web content, such as for an in-app browser. To enable the WKWebView in a Hybrid MobileFirst app for iOS, follow the below steps.
Case:1
You can inject a JS into WKWebview at time of document creation or document finished loading and hook the java script XMLHTTPRequest open method with your custom implementation to add this custom header for all the AJAX requests from WKWebView.
example code
NSString *XMLHTTPRequestHookJSPath = [[NSBundle mainBundle] pathForResource:@"XMLHTTPRequestHook.js" ofType:nil];
NSString *kXMLHTTPRequestHookJS = [NSString stringWithContentsOfFile:XMLHTTPRequestHookJSPath encoding:NSUTF8StringEncoding error:NULL];
WKUserContentController *contentController = [[WKUserContentController alloc] init];
WKUserScript *script = [[WKUserScript alloc] initWithSource:kXMLHTTPRequestHookJS injectionTime:WKUserScriptInjectionTimeAtDocumentEnd forMainFrameOnly:NO];
[contentController addUserScript:script];
WKWebViewConfiguration *configuration = [[WKWebViewConfiguration alloc] init];
configuration.userContentController = contentController;
self.lastUsedWebView = [[WKWebView alloc] initWithFrame:self.webContainerView.bounds configuration:configuration];
self.lastUsedWebView.navigationDelegate = self;
And in the XMLHTTPRequestHook.js try to hook XMLHttpRequest with your custom implementation to add this custom header and call back the original open method.
Case 2 If you want this header to be added while loading the URLRequest in WKWebview , you can add this header to NSMutableRequest as below and load this request in WKWebview. However with this method you may not have this header in all the AJAX calls from WKWebview.
example code:
WKWebView * webView = /*set up your webView*/
NSMutableURLRequest * request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"http://example.com/index.html"]];
[request addValue:@"app://myApp" forHTTPHeaderField:@"Access-Control-Allow-Origin"];
// use stringWithFormat: in the above line to inject your values programmatically
[webView loadRequest:request];
Hope this helps.
78
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
