Cordova app can't connect with Dynamics NAV Web-Service (ODATA) after update to iOS 10


We are developing an app with Cordova that syncs information with an ODATA Web-Service made available by a Microsoft Dynamics NAV 2013 Middle tier. Under Android there is no problem with the connection and under iOS 8 and 9 it works as well. On Devices using iOS 10 the connection does not work and returns a HTTP 400 Bad Request error. The connection has the following structure (this is test code, works on Android and iOS 8 and 9, but not on iOS 10)

var xreq = new XMLHttpRequest(); xreq.open('GET', "http://domain:port/MIDDLETIER/OData/MobileSetupMWP?$format=json",true,username,password); xreq.onreadystatechange = function () { if (xreq.readyState == 4) { if (xreq.status == 200) { alert("success"); } else { alert("failure"); } } } try { xreq.send(); } catch (e) { }

The Web-Service uses Digest as authentication and is available as a http and a https Web-Service. Both the http and https work with Android and iOS 8 and 9. Connecting to a http ODATA Web Service without authentication (<a href="http://services.odata.org/V3/OData/OData.svc/" rel="nofollow">http://services.odata.org/V3/OData/OData.svc/</a>) works on iOS 10 so the problem seems to be related to the authentication.

We have already included the following part in a plugin:

<platform name="ios"> <config-file target="*-Info.plist" parent="NSPhotoLibraryUsageDescription"> <string>Für Bildvorschau wird die geräteeigene Fotogalerie verwendet</string> </config-file> <config-file target="*-Info.plist" parent="ITSAppUsesNonExemptEncryption"> <false/> </config-file> <config-file target="*-Info.plist" parent="NSAppTransportSecurity"> <dict><key>NSAllowsArbitraryLoads</key><true /></dict> </config-file> </platform>

This is the Content Security Policy we are using

<meta http-equiv="Content-Security-Policy" content="default-src * blob: data: ws: wss: gap://ready ; style-src 'self' 'unsafe-inline' 'unsafe-eval' * ; script-src 'self' 'unsafe-inline' 'unsafe-eval' * ; connect-src * 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ws: wss: ; img-src * data: blob:">

Any ideas what the problem could be or what we could test?


The problem seems to be a general one with iOS 10s handling of Digest Authentication, basically the same problem as described here: <a href="https://stackoverflow.com/questions/39587003/http-digest-authentication-fail-due-to-wrong-nonce-count-in-ios-10" rel="nofollow">HTTP digest authentication fail due to wrong nonce-count in iOS 10</a>

We opened a Bug with Apple.


The problem was solved by Apple with the 10.2 Beta version. Connection with DIGEST Web Services is possible again.


  • GetMember by MetadataToken
  • Bootstrap modal stops working after I sort portfolio
  • How to retain the maximum valued mspace, if found successively along with other mspaces
  • NativeScript MaskedInput databinding
  • Oracle SQL: Declaring variables to use in queries & subqueries
  • Deserializing 2D JSON array to bean using GSON
  • Oracle stored procedure query like not working with cursor
  • SMS Receiver not working in MIUI (Xiaomi 2014818 Android 4.4.4,API19)
  • Importing data from csv file
  • How to understand regular expression with python?
  • how to find the difference between time stamp in oracle?
  • Reinstalling rocks
  • Kubernetes Node Memory Limits
  • How to format dates in angualr 6?
  • Copy multiple rows from multiple workbooks to one master workbook
  • OutLook renders unnecessary space
  • INSTALL_FAILED_USER_RESTRICTED : android studio using redmi 4 device
  • Duplicate column name error while creating view
  • SQL date format [h]:mm:ss like Excel does, beyond 24 hr
  • gform_after_submission Post to Third Party API
  • coredns crashloopbackoff in kubernetes
  • cx_Oracle CREATE TABLE AS returns ORA-01036: illegal variable name/number
  • Algorithm to find the determinant of a matrix
  • Debuging all the code computing and sorting equivalence classes
  • Android-How to set Custom notification sound for GCM messages
  • how do i add a parent key to json object using javascript [closed]
  • Using sequential values for the primary key in an INSERT query
  • Upgrade from Kohana 2 to latest 3.2 version
  • select2 from json based on other input field
  • PyQt5 pyuic module error
  • System.StackOverflowException by forms
  • Display CSS: some divs fixed, some flexible
  • How to find the node position of a value in an XML tree?
  • use Cube Functions to get filtered dimensions
  • Delete or remove unexpected records and strings based on multiple criteria by python or R script
  • Matplotlib bad ticks/labels for loglog (twin axis)
  • How get monitor's friendly name with winapi?
  • Opposite of unnest_tokens
  • Excel macros Help. Creating a new column based of arrays.
  • Twitter Gem with multiple search options
  • C# Regex replace the first and last occurrence of double quote in each line
  • StackOverFlowException inside a recursive function
  • How to click a button on a web page that has no id?
  • Globally registered process is not registered
  • How to create c# console application to cosume the .net webservice [closed]
  • VSS to Clearcase transition, appending comments
  • Import external libraries in an Hadoop MapReduce script
  • Why is gdb not working in eclipse when it is working fine from command line?
  • Memory profiling tool for Delphi?
  • strange g++ linking behavior depending on arguments order
  • Android thumb is not centered in seekbar?
  • Find identical data in Column and filter it to another sheet
  • RegularExpressionValidator With DropDownList(asp.net)
  • tag semantic alternative usage
  • c# download html string after page loading is finished
  • Cannot Get a simple TextView to work with Android Data Binding
  • How to send attachments (images) and nested params using XHR to uplaoad file in titanium?
  • xml to oracle DB table : encountering problems
  • How to pass multiple records to update with one sql statement in Dapper
  • Opening video with openCV +python
  • Ajax error - “permission denied”
  • Getting ORA-01861 - Literal does not match format string on SQLPlus Only
  • AJAX Permission Denied On IE?
  • parse json list in reverse order
  • Parse AJAX resposne in HTML using Javascript
  • Filling web form via PowerShell does not recognize the values entered
  • How to fetch the alt value from an img using vba
  • How can I write a where clause in SQL to filter a DATETIME column by the time of day?
  • Api Gateway cannot allow Access-Control-Allow-Origin
  • Upgrade to g++ 4.7 (with c++11 support): any ABI incompatibility?
  • how to show filtered JSON data from two different key values in react native
  • How do I get the list of bad records that didn't load in Bigquery?
  • SQL Query - Table Joining Problems
  • Can't remove headers after they are sent
  • IE11 throwing “SCRIPT1014: invalid character” where all other browsers work
  • Login not working in Firefox in Meteor
  • Execute scripts AJAX returns
  • Authentication in Play! and RestEasy
  • nonblocking BIO_do_connect blocked when there is no internet connected
  • How to use JavaScript to determine whether a file exists in a directory?
  • How do I pass the string value parameter of the selected list item from an auto-populated dropdown l
  • Functions in global context
  • MongoError: Incorrect arguments
  • Django rest serializer Breaks when data exists
  • Get data from AJAX - How to
  • FileReader+canvas image loading problem
  • Ajax jQuery multiple calls at the same time - long wait for answer and not able to cancel
  • Bug in WPF DataGrid
  • How to redirect a user to a different server and include HTTP basic authentication credentials?
  • Can I have the cursor start on a particular column by default in jqgrid's edit mode?
  • Run Powershell script from inside other Powershell script with dynamic redirection to file
  • Compare two NSDates in iPhone
  • using conditional logic : check if record exists; if it does, update it, if not, create it
  • Codeigniter doesn't let me update entry, because some fields must be unique
  • Getting error when using KSoap library to consume .NET web services
  • Authorize attributes not working in MVC 4
  • Reading document lines to the user (python)
  • Binding checkboxes to object values in AngularJs
  • UserPrincipal.Current returns apppool on IIS
  • Net Present Value in Excel for Grouped Recurring CF
  • jQuery Masonry / Isotope and fluid images: Momentary overlap on window resize
  • How to load view controller without button in storyboard?