Cordova iOS 6+ File XHR Plugin

Usage no npm install needed!

<script type="module">
  import globulesIoCordovaPluginIosXhr from 'https://cdn.skypack.dev/@globules-io/cordova-plugin-ios-xhr';



cordova-ios 6+ File XHR Plugin


Originally, this plugin was a merge of two other plugins, and made compatible for cordova-ios 6+.



It's been since remodified and the code from TheMattRay has now been entirely removed. It is kept here as original reference. This could be turned into a PR to cordova-plugin-wkwebview-file-xhr, if time allows it, or if anybody wants to go at it! All credits go to Oracle.


Install latest release

 cordova plugin add @globules-io/cordova-plugin-ios-xhr

Or install from github master

 cordova plugin add https://github.com/globules-io/cordova-plugin-ios-xhr


 cordova plugin rm @globules-io/cordova-plugin-ios-xhr


 <preference name="NativeXHRLogging" value="full|none" />
 <preference name="AllowUntrustedCerts"  value="true|false" />
 <preference name="InterceptRemoteRequests" value="all|secureOnly" />
 <preference name="CustomUserAgent" value="my_custom_user_agent" />
 <preference name="allowFileAccessFromFileURLs" value="true|false" />
 <preference name="allowUniversalAccessFromFileURLs" value="true|false" />


The default behavior of WKWebView is to raise a cross origin exception when loading files from the main bundle using the file protocol - "file://". This plugin works around this shortcoming by loading files via native code if the web view's current location has "file" protocol and the target URL passed to the open method of the XMLHttpRequest is relative. As a security measure, the plugin verifies that the standardized path of the target URL is within the "www" folder of the application's main bundle or in the /Library path of the application data directory.

Since the application's starting page is loaded from the device's file system, all XHR requests to remote endpoints are considered cross origin. For such requests, WKWebView specifies "null" as the value of the Origin header, which will be rejected by endpoints that are configured to disallow requests from the null origin. This plugin works around that issue by handling all remote requests at the native layer where the origin header will be excluded

Fixes local file access via XHR with WKWebView

CustomUserAgent is only set for XHR requests and does not override cordova's OverrideUserAgent