Hi,
I have an Ionic Hybrid App with this specs:
My app make request to a SOAP backend which is secured with a HttpOnly secure cookie JSESSIONID (Tomcat server).
I have enabled CORS so that my requests are able to reach the backend, this is the Tomcat CORS filter:
When I do login against the backend the server SETS a cookie (JSESSION):
Which it would be used to send in subsequent request to backend to authenticate in secured WS. This is the code to make request with httpclient angular(Same for subsequent request)
The problem is on iOS/safari , the subsequent request not sent the Cookie Header with the JSESSIONID value. On Android, chrome works fine
A strange additional info:
Same build of app deployed on Iphone 6 iOS v12.4.5 works fine. On a iPhone X with iOS v 14 and simulators(any version) not work.
¿What would be the problem? How can I fix this?
I have an Ionic Hybrid App with this specs:
Ionic 3.9.2
Angular 5.2.11
Cordova Android 8.1.0 and iOS 5.1.1
Cordova 8.0.0
cordova-plugin-ionic-webview 5.0.0
WKWebview
My app make request to a SOAP backend which is secured with a HttpOnly secure cookie JSESSIONID (Tomcat server).
I have enabled CORS so that my requests are able to reach the backend, this is the Tomcat CORS filter:
Code Block <filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> <init-param> <param-name>cors.allowed.origins</param-name> <param-value>ionic://localhost,http://localhost</param-value> </init-param> <init-param> <param-name>cors.allowed.methods</param-name> <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value> </init-param> <init-param> <param-name>cors.allowed.headers</param-name> <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,SOAPAction,Cache-Control</param-value> </init-param> <init-param> <param-name>cors.exposed.headers</param-name> <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value> </init-param> <init-param> <param-name>cors.support.credentials</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>cors.preflight.maxage</param-name> <param-value>10</param-value> </init-param> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
When I do login against the backend the server SETS a cookie (JSESSION):
Code Block Set-Cookie: JSESSIONID=00000000....; Path=/; Secure; HttpOnly
Which it would be used to send in subsequent request to backend to authenticate in secured WS. This is the code to make request with httpclient angular(Same for subsequent request)
Code Block this.http.post(wsurl, xml, { withCredentials: true, responseType: 'text', headers: headers, observe: 'response' }) .toPromise() .then(response => {}) .catch(err =>{})
The problem is on iOS/safari , the subsequent request not sent the Cookie Header with the JSESSIONID value. On Android, chrome works fine
A strange additional info:
Same build of app deployed on Iphone 6 iOS v12.4.5 works fine. On a iPhone X with iOS v 14 and simulators(any version) not work.
¿What would be the problem? How can I fix this?