Jacob Allen Jacob Allen - 21 days ago 8
Ajax Question

Cordova application's ajax hanging on iPhone 7

I am using Cordova's CLI to build a mobile application which consists of HTML, CSS, and JavaScript. The application is using jQuery 2.1.4, jQuery Mobile 1.4.5, and being packaged with Cordova 6.4.0. The application is being targed for Android 6.0.0 and iOS 10.1.

I have an issue where all of my ajax calls are hanging on iPhone 7 devices only. Below is am example of a type of ajax call I am trying to make.

$.ajax({
type: 'POST',
url: 'https://my.domain.com/myendpoint.php?parm=value',
beforeSend: function (request) {
request.setRequestHeader('Content-Type', 'application/json');
request.setRequestHeader('Accept', 'application/json');
request.setRequestHeader('Authorization', 'Basic ' + authstring);
}
})


I cannot make GET or POST requests to any of my endpoints, all of them just hang indefinitely. When I add a timeout of 60 seconds to the request the timeout will trigger my fail function after the 60 seconds. I have tried hitting HTTPS endpoints with App Transport Security enabled, as well as HTTP endpoints with App Transport Security disabled. No matter what I try the ajax will simply hang and never fail or complete unless I include a timeout.

I have tested the application on an iPhone 5, iPhone 5C, iPhone 6, and iPhone 6S, all of which on iOS 10.1.1. These do not hang and the ajax requests complete as expected. Even stranger, the ajax requests also work in XCode's iPhone 7 Simulator. However, all of my iPhone 7 users, as well as my iPhone 7 test device experience this issue where the ajax hangs indefinitely.

Any suggestions on how to fix this issue?

Answer

Jake you can try to add something like this to your info.plist

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>vimeo.com</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
            <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
            <false/>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionMinimumTLSVersion</key>
            <string>TLSv1.0</string>
            <key>NSRequiresCertificateTransparency</key>
            <false/>
        </dict>
    </dict>
</dict>

and you can also try

<!-- Enable all requests, inline styles, and eval() -->
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval';">

If all else fails you can try this fix, which seems to work if you are getting an auth challenge that is causing the ajax to fail

https://github.com/tripodsan/cordova-ios/commit/5f0133c026d6e21c93ab1ca0e146e125dfbe8f7e

or you can try this plugin for cordova that allows http requests Click Here

One last link explaining the changes to the security policy and how to fix it. Click Here