-1

I can tell from my webserver logs that one of my Javascript files is treated by (some?) iOS 14 as "injected". My script is run in a separate environment (namespace?). And its attempts to do AJAX fail, apparently because it's assigned an "origin" which doesn't match my webserver, so the standard same-origin policy forbids the operation.

I would expect to get caught like this if I was trying to do something blackhattish. But it's just typical Javascript which works on all other browsers. Especially, my Javascript is loaded as an external file in the head portion of its HTML page as usual

<script type="text/javascript" src="foobar.js?baz"></script>

All the page files -including the problematic Javascript- are loaded from the same site-- http://www.foo.bar

How can I tell what the issue is from the server side? (I cannot recreate the problem from the client side - in particular I don't have access to any failing iPhone.)

EDIT 23 - April 2021 - Problem partially (but not fully) disappears on iPhone versions later than 14.0.3.

Chuck Kollars
  • 2,135
  • 20
  • 18
  • 3
    This ***why do the latest iPhones dislike my Javascript?*** is the best title seen so far! – Manas Khandelwal Apr 12 '21 at 02:49
  • Just mentioning, You don't need to convert angle brackets to Unicode ✌! – Manas Khandelwal Apr 12 '21 at 02:51
  • @Manas Khandelwal It seemed that no matter what I tried, the HTML Code would NOT appear in the "preview". I finally found that by using HTML "entities" rather than angle brackets, the HTML Code would appear in the preview. Only later did I discover that the HTML Code would have appeared in the post _even _though _it _didn't _appear _in _the _preview. I suspect "odd" posts would appear less often if the preview was _exactly what the final post would look like. – Chuck Kollars Apr 14 '21 at 00:49
  • You can just wrap the code in 3 backticks like this: ``` and if the code is inline then use a single backtick to wrap the code. . . It just markdown! . . . for more you can read this: https://stackoverflow.com/editing-help#code – Manas Khandelwal Apr 14 '21 at 00:55

1 Answers1

0

In answer to my own question: Once I set up my web server to use https: rather than http:, the problems I was experiencing all went away.

Apparently the infrastructure behind the latest Safari browser (as of May 2021) does not fully trust scripts in the head that are loaded over http:, and so isolates them in a separate namespace as though they were "injected".

Chuck Kollars
  • 2,135
  • 20
  • 18