Update: The JS web requests also work from a UIWebView, just not WKWebView. But, I need the WK version for JS interop communication.
I've been trying and failing to get external JS requests to work within a WKWebView on Xcode 8 and iOS 10.3 to access the Dark Sky API. Everything I've tried gives me the same cross-scripting access errors (I've trimmed out details of the URL string being used):
[Error] Origin null is not allowed by Access-Control-Allow-Origin.
[Error] Failed to load resource: Origin null is not allowed by Access-Control-Allow-Origin.
[Error] XMLHttpRequest cannot load https://api.darksky.net/... due to access control checks.
My Info.plist contains this snippet, which seems correct based on much searching (the "insecure" setting should be irrelevant here, since I'm using HTTPS):
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>darksky.net</key>
<dict>
<!--Include to allow subdomains-->
<key>NSIncludesSubdomains</key>
<true/>
<!--Include to allow HTTP requests-->
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<!--Include to specify minimum TLS version-->
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
I've tried all sorts of variations of settings in the internal dict and in the outer dict (even tried adding the awful NSAllowsArbitraryLoads and NSAllowsArbitraryLoadsInWebContent, to no avail).
The exact same JS code works from an Android WebView with basic security settings toggled and with curl, so I know it's not a problem with the Dark Sky API endpoint.
I see a bunch of other SO answers that seem to indicate to use what I have in my .plist (see here and here), but these don't seem to do the trick.
Any ideas what magic iOS voodoo I'm missing here?
