4

I have an iOS app, with a long list of items to be POSTed to a remote web server. The list can be long enough to exceed recommended lengths for a GET request. After the list is posted, the user can log into their account and manipulate the list.

Ideally, I'd like to POST the list to Safari (or another default browser) so that if the user already has logged in, they don't need to do so again and they have access to all the normal web browser functionality.

It seems to work with a UIWebView, but isn't the best interface.

This can be done on Android or the UIWebView using this: https://stackoverflow.com/a/9909613

Community
  • 1
  • 1
PeteVasi
  • 723
  • 2
  • 10
  • 23
  • that sounds like a security issue - allowing an app to pass a lot of data via POST using the web browser. You could potentially post data to any site they were logged into - like their bank – Jason Oct 06 '16 at 23:48
  • Allowing/disallowing cross-domain posting on the server side is what handles the security side of that. The server has to explicitly allow POST requests from other sites. For my case, only this single POST endpoint allows it. – PeteVasi Oct 07 '16 at 12:55

1 Answers1

1

Do it in two steps:

  1. POST the data to the server "anonymously". The server would assign some kind of unique id, and store the received data somewhere (database, temp file...), associated with the ID. Send back the ID to the client.

    Alternatively, the ID might be provided by the client directly. For that, make sure it's some kind of UUID/GUID so you don't have conflicts.

  2. Open a second URL (either in Safari or, probably better, in an SFSafariViewController) pointing to the login process along with the ID from step 1.

    The server can then use the ID to locate the data posted during the first step.

jcaron
  • 17,302
  • 6
  • 32
  • 46
  • I've thought about that, and would work if I were the one in control of the server side too. Was hoping for something more along Android's lines. – PeteVasi Oct 11 '16 at 02:32
  • 1
    You could use an intermediate server. Post the data to it from the app, retrieve ID, open a page on that server with that ID that just contains a form with all the data as input type=hidden and some JS to submit the form. – jcaron Oct 11 '16 at 16:50
  • Seems like this is the best approach I've got. Thanks for your assistance. :) – PeteVasi Oct 16 '16 at 13:46