Holger Bähren Holger Bähren - 24 days ago 11
Javascript Question

Cordova app can't connect with Dynamics NAV Web-Service (ODATA) after update to iOS 10

We are developing an app with Cordova that syncs information with an ODATA Web-Service made available by a Microsoft Dynamics NAV 2013 Middle tier.
Under Android there is no problem with the connection and under iOS 8 and 9 it works as well. On Devices using iOS 10 the connection does not work and returns a HTTP 400 Bad Request error.
The connection has the following structure (this is test code, works on Android and iOS 8 and 9, but not on iOS 10)

var xreq = new XMLHttpRequest();
xreq.open('GET', "http://domain:port/MIDDLETIER/OData/MobileSetupMWP?$format=json",true,username,password);
xreq.onreadystatechange = function () {
if (xreq.readyState == 4) {
if (xreq.status == 200) {
alert("success");
} else {
alert("failure");
}
}
}
try {
xreq.send();
} catch (e) {
}


The Web-Service uses Digest as authentication and is available as a http and a https Web-Service. Both the http and https work with Android and iOS 8 and 9. Connecting to a http ODATA Web Service without authentication (http://services.odata.org/V3/OData/OData.svc/) works on iOS 10 so the problem seems to be related to the authentication.

We have already included the following part in a plugin:

<platform name="ios">
<config-file target="*-Info.plist" parent="NSPhotoLibraryUsageDescription">
<string>Für Bildvorschau wird die geräteeigene Fotogalerie verwendet</string>
</config-file>
<config-file target="*-Info.plist" parent="ITSAppUsesNonExemptEncryption">
<false/>
</config-file>
<config-file target="*-Info.plist" parent="NSAppTransportSecurity">
<dict><key>NSAllowsArbitraryLoads</key><true /></dict>
</config-file>
</platform>


This is the Content Security Policy we are using

<meta http-equiv="Content-Security-Policy" content="default-src * blob: data: ws: wss: gap://ready ; style-src 'self' 'unsafe-inline' 'unsafe-eval' * ;
script-src 'self' 'unsafe-inline' 'unsafe-eval' * ; connect-src * 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ws: wss: ; img-src * data: blob:">


Any ideas what the problem could be or what we could test?

Answer

The problem was solved by Apple with the 10.2 Beta version. Connection with DIGEST Web Services is possible again.

Comments