Question
I have a web app that makes cross-domain Ajax requests. The requests go through without a problem in almost every environment except for iOS devices (iPad, iPhone) running Safari 7. On those devices, the request fails. It works with the latest desktop Safari and also with mobile Safari 5; the problem is only with mobile Safari 7 (and perhaps 6; I don't have access to one of those for testing).
The app first makes a GET request to the origin site (with http protocol), which works fine. It then makes an https POST request to a different site (which is correctly configured for CORS). This is the request that fails. Nothing appears in the Safari console when the request fails and the server logs indicate that no request arrived.
One more detail that may or may not be relevant: the sequence of two requests is triggered by a single user action.
Does anyone have an idea of what's going on here?
EDIT The problem definitely appears to be related to Enyo. I created this fiddle that demonstrates the problem. If you are using Mobile Safari 7 and select enyo.Ajax as the tool for making the request, it will fail. The same request to the same URL will succeed using an XMLHttpRequest object directly. (The server-side script simply echoes the request headers. It also adds
https://stackoverflow.com/questions/21126639
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianAccess-Control-Allow-Origin: *
to the response.)
Solution
Looks like this was related to a fix we made for iOS to prevent caching of non-cacheable requests. This fix was updated to only apply to iOS 6 in 2.3.0: https://github.com/enyojs/enyo/commit/73ade2a9dd68deb2f4a4db548c45e2c27104632f
Per the comments in the fix, you can use the header property to specify an object with cache-control: null, unless you're planning on upgrading to 2.3.0. :)
OTHER TIPS
I ran this by the Enyo framework team. No one is exactly sure why you might be having the problem but it could be:
1) This: iOS 7 javascript XMLHttpRequest bug
2) A certificate issue with the https server.
It doesn't appear to be a framework issue, though. If the answer is something else, please let us know!
