Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access impossible through Android webview due to blocking of X-Requested-With #228

Closed
mguillem opened this issue Feb 13, 2017 · 1 comment
Closed

Access impossible through Android webview due to blocking of X-Requested-With #228

mguillem opened this issue Feb 13, 2017 · 1 comment

Comments

@mguillem
Copy link

Webviews used in Android App seem to send (allways?) an X-Requested-With HTTP header (see for instance http://stackoverflow.com/questions/35499411/what-are-the-benefits-for-android-to-add-x-requested-with-on-webview-requests).

The cause of the problem is the fix for #113. It causes mod_auth_openidc to directly send a 401 Unauthorized when the request contains an X-Requested-With HTTP header making impossible the access from an Android Webview. iOS webviews are not sending this header and not hurt by the problem.

As a workaround, it is possible to use mod_headers and to configure this:
RequestHeader unset X-Requested-With early
but this is not really a clean solution.
@zandbelt
Copy link
Member

zandbelt commented Feb 13, 2017
edited

Thanks for the heads up on the issue and the workaround. At the time I wanted to avoid having yet another configuration option to turn this off/on, but it seems now there's no way to avoid it.

Is the WebView using the value XMLHttpRequest or perhaps some other value?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mguillem @zandbelt