Update August 2010: iPhone OS4 appears to have fixed this issue.
This test demonstrates an apparent bug in iPhone MobileSafari's handling of Cross Origin Resource Sharing when making POST requests with JavaScript's XMLHttpRequest. If you know the cause of the problem, or have a contact at Apple who can investigate, please contact Colin Moock at colin@moock.org.
The Test:
Enter a message below, then click "Send".
When you click "Send", JavaScript will send your data to a PHP script on a foreign domain via an XMLHttpRequest object (view the source of this page to see the code). The request should succeed because the response includes the following HTTP header:
Access-Control-Allow-Origin: *
Correct Behaviour:
In Chrome, Safari, Firefox, Android's Browser, and even Apple's iPhone Simulator,
the PHP script will return your message and your browser's HTTP request headers.
Actual iPhone Behaviour:
In iPhone's MobileSafari, no post data is sent to the server. The
request's Content-Length header has the value 0. The PHP script, therefore, cannot
echo your input back to you. However, when this same page is served from the same
domain as the target of the XMLHttpRequest POST request, MobileSafari sends the
post data correctly.
See demo.
Here is a sample of a failed iPhone request:
You sent: Your request headers: Host: unionplatform.com User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_1_3 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7E18 Safari/528.16 Content-Type: application/x-www-form-urlencoded Referer: http://moock.org/iphonecors/posttest.html Origin: http://moock.org Accept: */* Accept-Language: en-us Accept-Encoding: gzip, deflate Content-Length: 0 Connection: keep-alive
Test Output: