Closing the loop on this thread.
Here is the solution that works for me:
- Install the cordova-plugin-wkwebview-engine
cordova plugin add cordova-plugin-wkwebview-engine
I added the following to my apache config to deal with CORS. One specific problem was with the CORS preflight check–without dealing with that, myu api was executing twice. With this config, apache just returns a 204 instead of passing to api. Note this is open to all hosts now for testing, but will lock down later.
# Required configuration for iOS WkWEBVIEW
# Allow any location to access this service
Header always set Access-Control-Allow-Origin "*"
# Allow the following headers in requests (X-Auth is a custom header, also allow Content-Type to be specified)
Header always set Access-Control-Allow-Headers "X-Auth, content-type, origin"
Header always set Access-Control-Expose-Headers "X-Auth"
# Allow the following methods to be used
Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS"
# WkWebView sends OPTIONS requests to get CORS details. Don't tie up the API service with them;
# just answer them via apache itself
RewriteEngine On
RewriteCond %{REQUEST_METHOD} =OPTIONS
RewriteRule .* - [R=204,END]
Add the following to the config.xml somehwere inside the widget element.
<preference name="WKWebViewOnly" value="true"/>