Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: send Referer header on ios #3210

Open
jayenashar opened this issue Jul 6, 2020 · 12 comments
Open

feat: send Referer header on ios #3210

jayenashar opened this issue Jul 6, 2020 · 12 comments

Comments

@jayenashar
Copy link

Feature Request

Description

Hello, I am using a service that secures web apps using the HTTP Referer header. This service does allow the capacitor:// scheme which is default on iOS. I am having an issue were capacitor on iOS is not sending the header, even though it does send the Origin header and other headers. The service offers a js npm module which uses XMLHttpRequest. I am not having issues on Android.

Platform(s)

iOS

Preferred Solution

Add the HTTP Referer header to XMLHttpRequests.

Alternatives

Overriding XMLHttpRequest to inject the header. (Haven't tried it, yet.)

Additional Context

Attached safari debugger and found this:

GET /path HTTP/1.1
Accept: /
Origin: capacitor://localhost
Host: host.name.com
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148
Accept-Language: en-us
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
@jayenashar
Copy link
Author

jayenashar commented Jul 6, 2020

The alternative doesn't work for loading images in an <img>. Any way to tell capacitor to send the Referer?

Here is the code I wrote for the alternative. It shows an error on android, as it's not allowing setting the referer. On iOS, it silently fails to add the referer.

window.XMLHttpRequest = class extends window.XMLHttpRequest {
  open(...args) {
    const retval = super.open(...args);
    this.setRequestHeader('Referer', window.location.toString());
    return retval;
  }
}

@dducrest
Copy link

dducrest commented Mar 26, 2022

Has anyone discovered or proposed any alternatives?

@jayenashar
Copy link
Author

you can try https://github.com/capacitor-community/http as a replacement for window.XMLHttpRequest

@dducrest
Copy link

@jayenashar i will. thank you for the suggestion.

@Dante1349
Copy link
Contributor

#6387 this could fix the problem

@luxferre
Copy link

luxferre commented Jul 8, 2024

need this too, for domain-restricted external images,raster map tiles in particular

@tachibana-shin
Copy link

For those who can't set referer I believe the problem is that default Request doesn't accept that. We can patch it like this:

self.Request = class extends Request {
    headers = new Headers()
    constructor(body, initParams) {
        super(body, initParams)
        this.headers = new Headers(initParams?.headers)
    }
}

Use

const output = await fetch("https://google.com", {
  headers: { referer: "https://google.com" }
})
.then(res => res.arrayBuffer())

With this patch I can even enable CapacitorHttp from the WebWorker

Tested on Android 7 - 14

@repay
Copy link

repay commented Sep 12, 2024

Anyone actually found a workaround that works for iOS?
Several services that needs referer that cant be used as of now..

@FragsterAt
Copy link

I need this too! Is there any working workaround?

@Duoquote
Copy link

Duoquote commented Oct 21, 2024

I am using axios which uses XMLHttpRequest internally, which works fine on android but do not work on iOS at the moment, my versions are;

    "@capacitor/android": "^6.0.0",
    "@capacitor/app": "^6.0.0",
    "@capacitor/app-launcher": "^6.0.0",
    "@capacitor/assets": "^2.0.4",
    "@capacitor/browser": "^6.0.0",
    "@capacitor/camera": "^6.0.0",
    "@capacitor/core": "^6.0.0",
    "@capacitor/device": "^6.0.0",
    "@capacitor/filesystem": "^6.0.1",
    "@capacitor/ios": "^6.0.0",
    "@capacitor/preferences": "^6.0.0",

image

@zrev2220
Copy link

I am unable to use Bing Maps with a security-enabled API key because of this issue. Are there any plans to fix this soon?

@tachibana-shin
Copy link

I am unable to use Bing Maps with a security-enabled API key because of this issue. Are there any plans to fix this soon?

Let's fork this library and modify the swift code

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

10 participants