在 iOS 15.5/Xcode 上使用授权 header 时出现预检错误 - Cordova-ios@6.1.1

Preflight error when using Authorization header on iOS 15.5/Xcode - Cordova-ios@6.1.1

我在 iOS 15.5 上的 cordova 项目有问题 现在我正在尝试在启用标准身份验证的情况下验证 IIS 上的用户登录。 这是来自网络服务器的代码。

<?php

// Prüfen, ob Benutzeranmeldung über IIS erfolgt ist
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header("HTTP/1.1 401 Unauthorized");
    exit;
}

// OK zurückgeben
header("Content-Type: application/json");
echo '{"login":"ok"}';
?>

这里是来自 iPhone 的 javascript 请求:

function benutzeranmeldungPruefen() {


    var loginString = eingabeBenutzername + ":" + eingabeKennwort;
    var loginStringBase64 = "Basic " + btoa(loginString); // String für Header in Base64 codieren

    
    // Login-Header definieren
    $.ajaxSetup({
        headers: { "Authorization": loginStringBase64 },
            timeout: 10000
    });
    
    var servername = localStorage.getItem("Server");
    var port = localStorage.getItem("Port");
    var https = localStorage.getItem("Https");
 
    // HTTP-GET-Request erstellen
    var get = $.get( https+"://"+servername+":"+port+"/logincheck.php");

    get.done(function( data ) {
        
        // Prüfen, ob Anmeldung erfolgreich war
        if (data["login"] == "ok") {
            
            localStorage.setItem("Benutzer", eingabeBenutzername);
            localStorage.setItem("Kennwort", eingabeKennwort);
            
        }
        else {
            // Grafische Anpassungen und Protokoll
            document.getElementById("statusLogin").innerHTML += "<br />Authentifizierung fehlgeschlagen.";
            document.getElementById("buttonLogin").setAttribute("style", "display:block;");
            
        }
        
        // Grafische Anpassungen
        document.getElementById("loadingLogin").setAttribute("style", "visibility:hidden;");
        //document.getElementById("loadingLogin").setAttribute("style", "display:none;");
        
        
    });

    get.fail(function() {
        // Grafische Anpassungen und Protokoll
        document.getElementById("buttonLogin").setAttribute("style", "display:block;");
        document.getElementById("loadingLogin").setAttribute("style", "visibility:hidden;");
        $("#seiteErsteinrichtung").removeClass("loading");
        alert( "Fehler beim Überprüfen der Zugangsdaten!" );
    })
    
}

如果我构建应用程序并 运行 它在我的 iPhone 上,我通过使用 safari 进行调试时遇到此错误:

[Error] Preflight response is not successful. Status code: 401
[Error] XMLHttpRequest cannot load https://192.168.178.10/logincheck.php due to access control checks.
[Error] Failed to load resource: Preflight response is not successful. Status code: 401 (logincheck.php, line 0)

并寻找 header 这就是我得到的:

overview
URL: http://192.168.178.10/logincheck.php
Status: —
Quelle: —
Initiator:
jquery-2.2.2.min.js:4:16032


Request
Accept: */*
Authorization: BasicBasic VGVzdDoxMjM0NTY=
Origin: null
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148

Answer
no Response-Header

我已经设置了所有我可以在我的网络配置文件中在线找到的 header,遗憾的是没有成功:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <system.web>
        <customErrors mode="Off" />
    </system.web>
    <system.webServer>
        <handlers>
            <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
            <!--<remove name="OPTIONSVerbHandler" /> !-->
            <remove name="TRACEVerbHandler" />
            <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
        </handlers>
        <httpProtocol>
            <customHeaders>
                <add name="Access-Control-Allow-Origin" value="*" />
                <add name="Access-Control-Allow-Credentials" value="true"/>
                <add name="Access-Control-Max-Age" value="5000"/>
                <add name="Access-Control-Allow-Methods" value="GET,POST,DELETE,OPTIONS" />
                <add name="Access-Control-Allow-Headers" value="Origin, Authorization, Content-Type, Content-Range, Content-Disposition, Content-Description, X-Requested-With, X-ACCESS_TOKEN" />
            </customHeaders>
        </httpProtocol>
    </system.webServer>
</configuration>

如果我从请求中删除授权 header,我至少会从服务器得到一个答案:

Overview
URL: https://apptest.itunds.de:17635/logincheck.php
Status: 401 Unauthorized
Quelle: Netzwerk
Adresse: 192.168.252.253:17635
Initiator:
jquery-2.2.2.min.js:4:16032


Request
POST /logincheck.php HTTP/1.1
Accept: */*
Origin: null
Accept-Encoding: gzip, deflate, br
Host: apptest.itunds.de:17635
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148
Accept-Language: de-DE,de;q=0.9
Content-Length: 0
Connection: keep-alive

Answer
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Content-Type: text/html
Access-Control-Max-Age: 5000
Access-Control-Allow-Methods: GET,POST,DELETE,OPTIONS
Date: Fri, 27 May 2022 07:42:08 GMT
Access-Control-Allow-Headers: Origin, Authorization, Content-Type, Content-Range, Content-Disposition, Content-Description, X-Requested-With, X-ACCESS_TOKEN
Content-Length: 1344
Access-Control-Allow-Origin: *
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Www-Authenticate: Basic realm="192.168.178.10"

我不知道是什么导致了这个问题或如何解决它。 我试图解决这个问题将近 3 天,但我找不到任何东西。 我真的需要帮助。

因为WKWebView上没有origin所以Preflight会失败。您是否在 config.xml 中设置了任何来源和方案?

 <preference name="scheme" value="app" />
 <preference name="hostname" value="localhost" />

你也可以试试https://github.com/globules-io/cordova-plugin-ios-xhr