Home > OS >  Preflight error when using Authorization header on iOS 15.5/Xcode - [email protected]
Preflight error when using Authorization header on iOS 15.5/Xcode - [email protected]

Time:06-19

I'm having problems with my cordova Project on iOS 15.5 Right now I'm trying to verify an user login on IIS with standardauthentification enabled. Here the code from the webserver.

<?php

// Prüfen, ob Benutzeranmeldung über IIS erfolgt ist
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header("HTTP/1.1 401 Unauthorized");
    exit;
}

// OK zurückgeben
header("Content-Type: application/json");
echo '{"login":"ok"}';
?>

And here the javascript request from the iPhone:

function benutzeranmeldungPruefen() {


    var loginString = eingabeBenutzername   ":"   eingabeKennwort;
    var loginStringBase64 = "Basic "   btoa(loginString); // String für Header in Base64 codieren

    
    // Login-Header definieren
    $.ajaxSetup({
        headers: { "Authorization": loginStringBase64 },
            timeout: 10000
    });
    
    var servername = localStorage.getItem("Server");
    var port = localStorage.getItem("Port");
    var https = localStorage.getItem("Https");
 
    // HTTP-GET-Request erstellen
    var get = $.get( https "://" servername ":" port "/logincheck.php");

    get.done(function( data ) {
        
        // Prüfen, ob Anmeldung erfolgreich war
        if (data["login"] == "ok") {
            
            localStorage.setItem("Benutzer", eingabeBenutzername);
            localStorage.setItem("Kennwort", eingabeKennwort);
            
        }
        else {
            // Grafische Anpassungen und Protokoll
            document.getElementById("statusLogin").innerHTML  = "<br />Authentifizierung fehlgeschlagen.";
            document.getElementById("buttonLogin").setAttribute("style", "display:block;");
            
        }
        
        // Grafische Anpassungen
        document.getElementById("loadingLogin").setAttribute("style", "visibility:hidden;");
        //document.getElementById("loadingLogin").setAttribute("style", "display:none;");
        
        
    });

    get.fail(function() {
        // Grafische Anpassungen und Protokoll
        document.getElementById("buttonLogin").setAttribute("style", "display:block;");
        document.getElementById("loadingLogin").setAttribute("style", "visibility:hidden;");
        $("#seiteErsteinrichtung").removeClass("loading");
        alert( "Fehler beim Überprüfen der Zugangsdaten!" );
    })
    
}

If I build the app and run it on my iPhone i get this error through debugging with safari:

[Error] Preflight response is not successful. Status code: 401
[Error] XMLHttpRequest cannot load https://192.168.178.10/logincheck.php due to access control checks.
[Error] Failed to load resource: Preflight response is not successful. Status code: 401 (logincheck.php, line 0)

and looking for the headers thats what I got:

overview
URL: http://192.168.178.10/logincheck.php
Status: —
Quelle: —
Initiator:
jquery-2.2.2.min.js:4:16032


Request
Accept: */*
Authorization: BasicBasic VGVzdDoxMjM0NTY=
Origin: null
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148

Answer
no Response-Header

I've set all headers I could find online in my web config file sadly without success:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <system.web>
        <customErrors mode="Off" />
    </system.web>
    <system.webServer>
        <handlers>
            <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
            <!--<remove name="OPTIONSVerbHandler" /> !-->
            <remove name="TRACEVerbHandler" />
            <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
        </handlers>
        <httpProtocol>
            <customHeaders>
                <add name="Access-Control-Allow-Origin" value="*" />
                <add name="Access-Control-Allow-Credentials" value="true"/>
                <add name="Access-Control-Max-Age" value="5000"/>
                <add name="Access-Control-Allow-Methods" value="GET,POST,DELETE,OPTIONS" />
                <add name="Access-Control-Allow-Headers" value="Origin, Authorization, Content-Type, Content-Range, Content-Disposition, Content-Description, X-Requested-With, X-ACCESS_TOKEN" />
            </customHeaders>
        </httpProtocol>
    </system.webServer>
</configuration>

If I remove the Authorization header from the request I atleast get an answer from the Server:

Overview
URL: https://apptest.itunds.de:17635/logincheck.php
Status: 401 Unauthorized
Quelle: Netzwerk
Adresse: 192.168.252.253:17635
Initiator:
jquery-2.2.2.min.js:4:16032


Request
POST /logincheck.php HTTP/1.1
Accept: */*
Origin: null
Accept-Encoding: gzip, deflate, br
Host: apptest.itunds.de:17635
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148
Accept-Language: de-DE,de;q=0.9
Content-Length: 0
Connection: keep-alive

Answer
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Content-Type: text/html
Access-Control-Max-Age: 5000
Access-Control-Allow-Methods: GET,POST,DELETE,OPTIONS
Date: Fri, 27 May 2022 07:42:08 GMT
Access-Control-Allow-Headers: Origin, Authorization, Content-Type, Content-Range, Content-Disposition, Content-Description, X-Requested-With, X-ACCESS_TOKEN
Content-Length: 1344
Access-Control-Allow-Origin: *
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Www-Authenticate: Basic realm="192.168.178.10"

I have no idea whats causing this problem or how to fix it. I'm trying to fix that Problem no for almost 3 days and I can't find anything. I really need help with this.

CodePudding user response:

It's because there is no origin on WKWebView so the Preflight will fail. Did you set any origin and scheme in your config.xml ?

 <preference name="scheme" value="app" />
 <preference name="hostname" value="localhost" />

You can also try https://github.com/globules-io/cordova-plugin-ios-xhr

  • Related