You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The cause of the problem is the fix for #113. It causes mod_auth_openidc to directly send a 401 Unauthorized when the request contains an X-Requested-With HTTP header making impossible the access from an Android Webview. iOS webviews are not sending this header and not hurt by the problem.
As a workaround, it is possible to use mod_headers and to configure this: RequestHeader unset X-Requested-With early
but this is not really a clean solution.
The text was updated successfully, but these errors were encountered:
Thanks for the heads up on the issue and the workaround. At the time I wanted to avoid having yet another configuration option to turn this off/on, but it seems now there's no way to avoid it.
Is the WebView using the value XMLHttpRequest or perhaps some other value?
Webviews used in Android App seem to send (allways?) an
X-Requested-With
HTTP header (see for instance http://stackoverflow.com/questions/35499411/what-are-the-benefits-for-android-to-add-x-requested-with-on-webview-requests).The cause of the problem is the fix for #113. It causes mod_auth_openidc to directly send a
401 Unauthorized
when the request contains anX-Requested-With
HTTP header making impossible the access from an Android Webview. iOS webviews are not sending this header and not hurt by the problem.As a workaround, it is possible to use mod_headers and to configure this:
RequestHeader unset X-Requested-With early
but this is not really a clean solution.
The text was updated successfully, but these errors were encountered: