401 when downloading file: Credentials (cookie) not sent in header


#1

Hi there,

I am using the file-transfer plugin and I am trying to download a file from an API, which has an authentification using cookies.

The problem I have is if I try to download a file, the cookie is not in the header : I have a 401 error. I have this problem only on ios, not on Android.

I have try to set the option 'withCredentials': true, with no luck.

here is the code:

const destination = this.file.dataDirectory + 'test.pdf';

const fileTransfer: FileTransferObject = this.transfer.create();

return fileTransfer.download('http://example.com/api/test.pdf', destination, false, { withCredentials: true })
    .then(() => console.log('ok'), err => console.log(err));

So my question is, how can force the download request to have the Cookie header ?

Thank you very much!


#2

Might have something to do with this.
–> https://github.com/ionic-team/cordova-plugin-ionic-webview/issues/22#issuecomment-357556705


#3

Hi Matt, thank you very much, that have helped.

So the problem is that the download is made from a native request, and the native layer doesn’t have the auth cookie, because the webview used by ios has trouble syncing cookies between the native layer and the webview.

We are now using cordova-plugin-fetch to make native http call in order to have cookies in the native layer, but that’s not ideal, because the cookie is different that the one from the webview.

Do you know any ways to sync cookies from the webview to the native layer without having to make http calls from the native layer? I have asked google with no luck yet…

Thanks


#4

Are you having this issue on iOS?

If so, not using the wkwebview solves the cookie-issue.


#5

Hi,
I face the same problem with fileTransfer.upload but it is not limited to the first app start.

I hoped there could be a fix with https://github.com/psirenny/cordova-plugin-wkwebview-sync-cookies but unfortunately, it didn’t work.

Going back to UIWebView is not an option for me but I can’t find a solution.

Heliopsis, are you using cordova-plugin-fetch for all your requests or only the download one ? If only for download, how do you manage the different cookie values between the native layer and the webview ?

Thanks


#6

Did you look into this?
–> https://github.com/sortdinc/cordova-plugin-wkwebview-ionic-xhr

I’ve done a brief test with it and the issue with the cookies was gone.
It might solve your issue too.


#7

Thanks for your answer.

Yes I tried but perhaps in a wrong way.

The fact is I don’t have a CORS issue.

Here are more details about my problem:

I was using UIWebView with Ionic1 ; all my requests to server (RubyOnRails using Devise) passed through the Devise authenticate_user! method without problem, and uploading files with $cordovaFileTransfer (also through authenticate_user!) was fine.

I switched to WkWebView on client side (using cordova-plugin-ionic-webview plugin).

All my requests to server are still fine (no problem with Devise authenticate_user! method) except uploads (still with $cordovaFileTransfer): Devise rejects any upload with a 401 error.

Some clue: although all my standard requests (logged on server side) include HTTP_COOKIE values (with a ‘_front_session’ value), permitting Devise to find my session back, all my upload requests are missing this HTTP_COOKIE param.

If this really is the cause of my problem, how can I get this _front_session cookie value on client side and add it to my header params when calling $cordovaFileTransfer.upload method ?

Do you have a sample of what you did after installing the plugin ?