I have a webapp that authenticates through a REST APi that responds with a user id and a session token that will be sent with future ajax requests as the main authorization header for the secure api endpoints. This works great in every browser, including iOS Safari. On iOS (iPad) The problem arises when I use the meta tag that supports apple-mobile-web-app and add this application to the main screen: after logging in, even if my authorization header exists (see Its tab in the web inspector network request on my mac), when the first secure call is sent, I get an Authenticaion Required Safari popup asking me to enter my password.
The header is set using the ajaxSetup beforeSend :
xhr.setRequestHeader("Authorization", "Basic " + base64Value)
Again, everything is fine on all browsers, in the iOS Safari App mode and in the Home Button mode everything is fine, but when using the apple-mobile-web-app meta application, mecanism authentication is violated.
I searched a lot and did not find a solution.
source share