In the directory for my API, my .htaccess file has the following lines:
```apache
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS"
Header always set Access-Control-Allow-Headers "Pragma, Expires, Cache-Control, Content-Type, X-Requested-With, Authorization"
Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
Header always set Content-Security-Policy "upgrade-insecure-requests;"
Header always set Access-Control-Max-Age: 86400
RewriteEngine On
RewriteCond %{HTTP:X-Requested-With} !^com.myApp$ [NC]
RewriteCond %{HTTPS:Origin} !myApp [NC]
RewriteRule ^ - [F]
```
Android passes these two headers as:

```
Origin: https://myApp
X-Requested-With: com.myApp
```

iOS passes these two headers as:

```
Origin: ionic//myApp
X-Requested-With: com.myApp
```
My app on Android devices is able to connect to the server without. But on iOS, my app is being denied connections to the server. What is happening on iOS that these rules are causing problems? How can I resolve this for iOS?
If I comment out the `X-Requested-With` condition and change the `Origin` condition to `%{HTTP:Origin} ....`, then it works on iOS. But why is `HTTPS:Origin` working for Android and not iOS? Why is `HTTP:X-Requested-With` working for Android and not iOS?
Last, how can I write a conditional statement, something like:
```apache
RewriteCond %{HTTP:Origin} == https://myApp OR ionic//myApp
```
It is easier to write an `== OR` condition than to write a `!= OR` condition.
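
One way to write the allow-list the question asks about, as an added example that is not part of the original post. It assumes Apache mod_rewrite in .htaccess context and uses the two Origin values exactly as written in the question; both headers are set by the client, so this filters on the declared origin rather than authenticating the app.

```apache
RewriteEngine On

# %{HTTP:Origin} reads the Origin request header; HTTP:<name> is the
# mod_rewrite syntax for request headers.
# Consecutive RewriteCond lines are ANDed unless flagged [OR].

# Form 1: a single negated regex with alternation.
# "Forbid unless Origin is exactly one of the listed values."
# Origin values are copied as written in the question.
RewriteCond %{HTTP:Origin} !^(https://myApp|ionic//myApp)$ [NC]
RewriteRule ^ - [F]

# Form 2 (alternative to Form 1, use one or the other):
# positive string comparisons joined with [OR].
# A leading "=" in the CondPattern is a plain string comparison, not a regex.
# The first rule matches an allowed Origin and stops processing with [L];
# every other request falls through to the [F] rule.
#
# RewriteCond %{HTTP:Origin} =https://myApp [NC,OR]
# RewriteCond %{HTTP:Origin} =ionic//myApp [NC]
# RewriteRule ^ - [L]
# RewriteRule ^ - [F]
```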