-1

In Android I can use OkHttp to read any Html page and scan it for items. Can this be done by

I would to convert the Android app to Ionic.

It looks like that any read of an HTML page with HttpClient will result in a CORS or CORB.

So, I cannot read any HTML page in Ionic?

Cœur
  • 37,241
  • 25
  • 195
  • 267
tm1701
  • 7,307
  • 17
  • 79
  • 168
  • Read the error message more carefully. It says it is CORB not CORS. – Quentin Aug 18 '18 at 12:28
  • @Quentin - after creating 8 Android apps, I considered moving to Ionic. Some apps read regular HTML files. I tried many regular HTLM files, it looks as though it is not possible to read any HTML files via Ionic. Correct? – tm1701 Aug 18 '18 at 16:42

2 Answers2

1

The same-origin policy generally prevents one origin from reading arbitrary network resources from another origin. In practice, enforcing this policy is not as simple as blocking all cross-origin loads: exceptions must be established for web features, like or which can target cross-origin resources for historical reasons, and for the CORS mechanism which allows some resources to be selectively read across origins.

Certain types of content, however, can be shown to be incompatible with all of the historically-allowed permissive contexts. JSON is one such type: a JSON response will result in a decode error when targeted by the tag, either a no-op or syntax error when targeted by the tag, and so on. The only case where a web page can load JSON with observable consequences, is via fetch() or XMLHttpRequest; and in those cases, cross-origin reads are moderated by CORS.

By detecting and blocking loads of CORB-protected resources early -- that is, before the response makes it to the image decoder or JavaScript parser stage -- CORB defends against side channel vulnerabilities that may be present in the stages which are skipped.

https://chromium.googlesource.com/chromium/src/+/master/services/network/cross_origin_read_blocking_explainer.md

Your requests are blocked even from reading for security reasons. You can establish a session for the API from your server-side and send requests from there. You will need to make sure that every header is correct. This way your server will act as a proxy, but you should avoid doing this if your requests are unwanted by the target API. If there is no harm in doing your requests for the API and you are blocked as a collateral damage, then you can use your server as a proxy.

Lajos Arpad
  • 64,414
  • 37
  • 100
  • 175
  • It looks like I cannot read any HTML page from another domain. I would like to convert my Android app to Ionic. Android OkHttp can read any HTML page. Why is this not possible in Ionic? – tm1701 Aug 18 '18 at 15:46
-1

For info on Ionic and CORS, please read this very nice article. It explains exactly that testing with 'ionic serve' and 'ionic run -l' will trigger CORS. Running on the device will NOT trigger CORS checking. Really?

When I tried to perform in my Ionic Android app on my device (!) to access the html files of other sites, it still did not work. Hmmm.

How to solve this? You can use a proxy server to solve it. First I tried the next solution ... and it works - even for local testing!

https://cors-proxy.htmldriven.com/?url=http://www.example.com/page1

Next problem was ... can I create a very simple proxy server myself? Yes, and it is quite simple using Spring Boot. Just create a Controller that uses a simple OkHttp get call. This works even when testing using 'ionic serve'! This works when I configure Cors on the server in the right manner.

What about Ionic code? This is what worked for me (Ionic3/Angular5/HttpClient): 

this.httpClient.get( url, { observe: 'body', responseType: 'text'}).subscribe(
    data => {
        console.log( 'Output is data = ' + data);
    },
    err => {
        console.log( 'ERROR: ' + err.toLocaleString());
    });
}

Yes, you need an own website faciliting this - that being the downside. It will also take an extra internet 'stop' to get you remote HTML stuff.

tm1701
  • 7,307
  • 17
  • 79
  • 168