Background
I'm developing a visitor app that needs to take a picture of the user who is visiting and then save that to a database. I could use the file upload component but then the user could just upload a picture from the photo library instead of themselves. So wrote a little mini application, in PHP and HTML for our apache server, to be embedded in an IFrame. From this I am able to access the front facing iPad camera and save a file to the database.
referrerPolicy is set to unsafe-url while I'm testing.
Problem
I have set the iframe to point to my php photo app. When I go to upload a file to it (through ignition perspective) on a computer I am able to pass through all of the information I need shown below
with [HTTP_REFERER] I am able to get the visitor parameter.
When I go to test the same thing on an iPad it breaks because [HTTP_REFERER] is set to http://172.16.1.10/ meaning I can't get the visitor param.
Question
Why does the iPad behave differently to the computer? Is this an Apple security measure? Am I misunderstanding the referrerPolicy?