Return-Path: X-Original-To: apmail-cordova-dev-archive@www.apache.org Delivered-To: apmail-cordova-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 08FA6F143 for ; Wed, 17 Apr 2013 18:48:55 +0000 (UTC) Received: (qmail 30843 invoked by uid 500); 17 Apr 2013 18:48:54 -0000 Delivered-To: apmail-cordova-dev-archive@cordova.apache.org Received: (qmail 30802 invoked by uid 500); 17 Apr 2013 18:48:54 -0000 Mailing-List: contact dev-help@cordova.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cordova.apache.org Delivered-To: mailing list dev@cordova.apache.org Received: (qmail 30794 invoked by uid 99); 17 Apr 2013 18:48:54 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 17 Apr 2013 18:48:54 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of iclelland@google.com designates 209.85.214.170 as permitted sender) Received: from [209.85.214.170] (HELO mail-ob0-f170.google.com) (209.85.214.170) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 17 Apr 2013 18:48:48 +0000 Received: by mail-ob0-f170.google.com with SMTP id eh20so618118obb.29 for ; Wed, 17 Apr 2013 11:48:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:content-type; bh=A8CrcooY4sVOa7zo9QLlwlTewq9jYU7EZaZ9YXhbapU=; b=dtN96P4nTCD1+yEMDgDtdZbbzvPqPbmhiBU9F3cGFTnXS01NGSj5GT6yhbO5nneaIM TMC4x5fhPQwZ8H3a2Mx0E7xog64kuUNjetE6S9TSel/OpvtkBBxLV9VlghGIsf2F6xpz PVFrkXKw8sfo99tlujoITK35dEg5Vf8IFPilrJ32XdC2j5RQ74lrcyAWu3GLR95H09Oo 03LlSx8K0nZBxHD+kkwl6BLf+6BIjjOyBZ7Cbkp8vJyM4zX3VOipudt5Hg9Hxh1Oitd7 fzRzul9K3VYlHOVzEWGGIBv1Y6QrIzl6kIvHYF20yTL7sGfevKnw81ursaO/VvN+YIq6 PHog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:content-type:x-gm-message-state; bh=A8CrcooY4sVOa7zo9QLlwlTewq9jYU7EZaZ9YXhbapU=; b=bVHHxg9RP2SqSclVxDMcfS2DQ9JJyZFq3jDDb8U3IzhptNSnQ+nWZg0eTf4oq7bG6k /MNGSdOFNWOWyj9TWp5Hc0hSJIxW0APxV1NHffskW5/xy59Aq8Rbqkix6i4LNNLjQObG yjsePWfgHeJkoGSb+gpzm5l0zJezun4C6jAxxByjGHn2UODbbFOq2A3AHz85Z/FvxpQS 0dJ59gLhNOudMozWffGFcM/x97ANoYFQBeW0inttp1dF/RD+nUQmZkdHCA3rLciNGdir vLssWejHrhhLTejAP45xWY6A3HUvntOHCLUNgrw5CzO5IeUU7FqcFE8rAzEWrCxd7y88 CZOw== MIME-Version: 1.0 X-Received: by 10.182.84.135 with SMTP id z7mr2953312oby.35.1366224084327; Wed, 17 Apr 2013 11:41:24 -0700 (PDT) Received: by 10.76.144.161 with HTTP; Wed, 17 Apr 2013 11:41:24 -0700 (PDT) In-Reply-To: References: Date: Wed, 17 Apr 2013 14:41:24 -0400 Message-ID: Subject: Re: Making WebView's WebSQL work on Android 3.0+ From: Ian Clelland To: dev@cordova.apache.org Content-Type: multipart/alternative; boundary=089e013a26963af29804da92d5c5 X-Gm-Message-State: ALoCoQmdtYF1yVL6oL4ob1hb4O9Ecn9xZLPElBInrJ00Mnr0OxzIVLtcBVWwS8U1Xez0ehAC1073Ew12eWoko6nAxVSfy7hH/978/wHif5v2P19dwX3ZLFoG98BiyiJP+BUg1Ur9/g/t/s42B+/5VINRda3HOIdIi1OJYm/ts9RyGUctDY9ZtBCCQU1zsYATlaYxORBQfUW+ X-Virus-Checked: Checked by ClamAV on apache.org --089e013a26963af29804da92d5c5 Content-Type: text/plain; charset=UTF-8 Specifically with iOS, setting the start page to a chrome-extension:// url causes the underlying UIWebView to apply CORS policies to all XHR requests. UIWebView seems to use the same restrictions as desktop Safari: - Requests coming from file:/// urls do not use the Origin header - Requests coming from other schemes (such as chrome-extension://) have an Origin header applied, and the UIWebView validates the Access-Control-* headers in the response. In practice, this means that when we make an XHR to an origin server which doesn't support CORS, the response is rejected by the UIWebView, and the XHR completes with an error. (I'm looking at a couple of ways to work around this; hopefully we don't have to go as far as replacing the HTTP stack on iOS now, too) Ian On Wed, Apr 17, 2013 at 1:34 PM, Michal Mocny wrote: > Ian has been running into some issues with CORS while working on porting an > app, I'll let him comment on specifics. > > > On Wed, Apr 17, 2013 at 12:27 PM, Michael Brooks > wrote: > > > Very cool Andrew. Does this affect the cross-origin policy? Many users > > exploit the ability to make requests across multiple domains. > > > > Michael > > > > > > On Wed, Apr 17, 2013 at 8:35 AM, Andrew Grieve > > wrote: > > > > > Just tried it with: > > > > > > chrome-extension://asdf/chromeapp.html?foo:1?#asdf?ds#af:s > > > > > > Had to make a slight tweak to IceCreamCordovaWebViewClient, but it > worked > > > fine. > > > > > > > > > On Wed, Apr 17, 2013 at 12:39 AM, Joe Bowser > wrote: > > > > > > > How does this affect URI handling? We've had far bigger issues with > > > > file:///android-asset failing on ICS+. Did you test with URIs that > > > contain > > > > a question mark, pound or a colon? > > > > > > > > On Apr 16, 2013 7:23 PM, "Andrew Grieve" > wrote: > > > > > > > >> Found a juicy hack that works around the webview disabling WebSQL > for > > > >> file: URLs. > > > >> > > > >> For our Chrome Apps plugins, we serve apps from chrome-extension:// > > URLs > > > >> instead of file:// URLs. This is possible via > > shouldInterceptRequest(), > > > >> where we just map the requests to the files. > > > >> > > > >> So... I had the idea to test the WebSQL mobile-spec tests under this > > > >> scheme (while disabling Android's custom WebSQL work-around), and it > > > seemed > > > >> to work fine. > > > >> > > > >> I think that this means that we could change Cordova app urls to be > > > >> cordova:// (for ICS+), and could then delete the storage plugin. > > > >> > > > >> What do you think? > > > >> > > > > > > > > > > --089e013a26963af29804da92d5c5--