I'm using Cordova 7.0.1, and trying to set the contents of an iframe using a generated blob: url, but the result is an empty iframe, and no console errors.
If I disable blob: urls in the content security policy, I get an error as I would expect. So I'm fairly confident my problem is not the CSP.
I've also whitelisted * in config.xml to no avail:
<allow-navigation href="*" />
<allow-intent href="*" />
Constructing a data: url works. Why doesn't blob:?
Ages ago, probably with Cordova 5, I had this working. Is this no longer permitted? Is there a way to allow it again, or an alternative method?
To allow blob scheme, we have to set the following in config.xml:
<allow-navigation href="blob:*" />
More info on this is available on Issue:CB9558 under official apache cordova issue tracker.
Related
create an app on cordova and I'm using Framework7. In this application, consult a web server that returns some data to me, including a link to download a pdf material, but I'm getting an error message because I don't have permission to download it includes the website address on the access source at config.xml.
I have the cordova-plugin-whitelist plugin installed and in config.xml I configured the following
<access origin = "https://www.mysite.com.br/download/" />
<allow-intent href = "https://www.mysite.com.br/download/" />
I have already followed several recommendations from other forums, but nothing works.
I always receive the following message: net :: ERR_FAILED (https://www.mysite.com.br/download/myname.pdf)
Could someone help me solve this problem that I have been facing for 2 months.
thanks
You can try to solve by creating a more general rule as:
<widget ...>
<access origin="www.mysite.com.br/" />
<access origin="www.mysite.com.br/" />
<allow-intent href="http://www.mysite.com.br/*/*" />
<allow-intent href="https://www.mysite.com.br/*/*" />
</widget>
and a Content Security Policy as
<meta http-equiv="Content-Security-Policy" content="default-src 'self' mysite.com.br">
Take care on the position of files (.htaccess rewrite rules could make you have a hard day ifyou don't check them). I'm quite sure you just check the presence of external class on your link in HTML, isn't it?
I have a problem with the offline mode of my app on android (an Ampersandjs app).
When offline mode is activate, all of the data has been stored in the cdvfile://localhost/persistent/ folder and instead of making call to an external PHP REST API the app store json files locally.
On IOS it's ok but Android doesn't want load the files when the app is starting and the google Network dev tools indicate the files status is 'pending'.
However if i stored this files on an external server it's ok.
If you are using Phonegap version cli-5.x, you need to use whitelist plugin. Try adding following lines in config.xml
<gap:plugin name="cordova-plugin-whitelist" source="npm" />
<access origin="*" />
<allow-intent href="*" />
<allow-navigation href="*" />
Check https://github.com/apache/cordova-plugin-whitelist for whitelist plugin description
This is driving me crazy. I'm working on a Ionic app (Cordova, Angular etc). I have a contact us link which contains a mailto: href
href="mailto:info#somedomain.net?subject=my%20App"
I've read countless posts on SO that say you have to remove
<access origin="*"/>
from the config.xml in the project root and replace it with:
<access origin="mailto:*" launch-external="true" />
Which I've done. When I run ionic build it gets added to the config.xml in platforms/android/res/xml. But no matter what I do the link doesn't open the mail app on any Android simulator (even when email is configured in the simulator).
Sadly I don't have a device to test on - so is this just a emulator thing or am I missing something?
You must install the cordova plugin whitelist:
cordova plugin add cordova-plugin-whitelist
or if you want to save the reference to your config.xml file:
cordova plugin add cordova-plugin-whitelist --save
and that you have to add the intent to your config.xml file:
<allow-intent href="mailto:*" />
You can find more info here.
Try this:
window.location.href = "mailto:your#ema.il?subject=Works on iOS too";
I just solved this thanks to the responses & articles above. I'm not sure what has or hasn't changed since the above postings, but for the reference of others; I now have http://, https://, tel:, & mailto: working with only the inappbrowser plugin installed and no manual edits to config.xml needed. I did everything mentioned above & it still wasn't working, so I started fiddling and found that I the window.open() call requires the second parameter of "_system" to work correctly (it tried to use the browser and "navigate" to http://mailto:xxx... without the "_system" flag).
However, for curiousity's sake, I uninstalled the whitelist plugin and removed the manual edits in config.xml and it still works.
Notes:
-I don't remember all the variations I tried, but onclick couldn't access the Ionic/Angular/Cordova scope(s), so I stuck with ng-click.
-I did not / have not tried using href="..." with any of the options.
(If I remember, I'll test them and update this to reflec my results.)
So, with only the cordova-plugin-inappbrowser installed and no config.xml edits, here are my working / tested solutions:
ng-click="window.open('http://somesite.com', '_system')"
ng-click="window.open('https://google.com', '_system')"
ng-click="window.open('tel:(123) 345-4567')"
ng-click="window.open('mailto:email#example.com', '_system')"
Tested 9/20/2016 Using:
HTC One M8, android 6 ,cordova v6.3.1, cordova-plugin-inappbrowser v1.5.0, ionic v2.0.0, jdk1.8.0_101, android SDKs 21, 23, & 24 installed
what if you replace "true" with "yes"... I use this in my app and it works.
<access origin="tel:*" launch-external="yes"/>
Ran into this today and noticed something that affected mailto, but not tel, links:
In addition to adding the intent to the cordova config as described by dave's answer
<allow-intent href="mailto:*" />
I also had to allow mailto links in the csp header of my page
<meta http-equiv="Content-Security-Policy" content="default-src 'self' mailto:*">
Didn't see any documentation around this behaviour of CSP headers.
Just in addition to use Cordova's WhiteListPlugin ;
It worked for me in this way:
in config.xml
<access origin="*"/>
<access origin="mailto:*" launch-external="true" />
<allow-intent href="mailto:*" launch-external="yes"/>
And specially for ios add :
<platform name="ios">
<allow-navigation href="mailto:*" launch-external="yes"/>
...
<platform name="ios">
Altering Cordova's WhiteListPlugin in config.xml did not work for me -- <access >,`. I tried many combinations, including those above. Doesn't mean these won't work necessarily, just for my setup it doesn't. (Building for Browser, Android, and iOS)
However, using the Cordova InAppBrowser Plugin worked:
As mentioned above, use the inAppBrowser plugin and set the target to _system.
This by passes the issues I was seeing in iOS with unsupported url, and launches the native systems web browser (i.e., Does not rely on WhiteListPlugin to allow the URL call).
Hope this helps.
Cordova version 6.3.1.
I recently upgraded to Cordova 5.0 (and Cordova Android 4.0) and, since then, my app can no longer access external resources.
I still have <access origin="*" /> in config.xml (as before), and I still have <uses-permission android:name="android.permission.INTERNET" /> in AndroidManifest.xml (as before), but ajax calls are rejected with no explanation (the "textStatus" param is "error", the "errorThrown" param is null, and xhr.state() returns "rejected").
I've verified that no request is hitting the server, so it appears it is being stopped by Android, but the log doesn't give any explanation as to why...
I can access the URL in question fine from the Android browser, just not from the app.
The ajax request is made via a call to Backbone.sync() of Backbone.js, which ultimately calls jquery's $.ajax(). I haven't changed anything about how the call is made... just upgraded cordova.
Are there new requirements/setup for network requests, in Cordova 5.0, or anything I need to do differently from previous Cordova versions?
Does anyone know of a way I can get more information as to why Android and/or Cordova is rejecting the request?
I tracked the culprit down to the android#4.0.0 cordova platform. It now requires the new cordova-plugin-whitelist plugin.
It can be installed with
cordova plugin add cordova-plugin-whitelist
or by adding
<plugin name="cordova-plugin-whitelist" spec="1" />
to config.xml, and then it is configured with
<allow-navigation href="*" />
in place of the old, <access origin="*" /> tag.
It's a little annoying that the log doesn't spit out the "whitelist rejection" error messages anymore when a problem like this comes up (that would have saved me a ton a time), but maybe that'll come later.
In Cordova 6.X you need to remove the builtin whitelist plugin and reinstall the new version of plugin.
cordova plugin remove cordova-plugin-whitelist
and re install the plugin
cordova plugin add cordova-plugin-whitelist
and then replace <allow-navigation href="*" /> to config.xml file instead of <access origin="*" />
in my case this trick worked.
Two things
Ensure the ajax url you are using allows cross origin requests
Are you passing relevant headers while making cross origin requests
To Read
http://enable-cors.org/
How to enable CORS in AngularJs
http://backbonetutorials.com/cross-domain-sessions/
if you are using cordova 6.x.x u need to uninstall builtin cordova-plugin-whitelist using
cordova plugin remove cordova-plugin-whitelist
and reinstall it by using
cordova plugin add cordova-plugin-whitelist
even if the issue persists relaunch command prompt and try it.
For me it started working after I removed from html file mata tag:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *">
I am trying to get PhoneGap 2.4.0 FileTransfer working on Android 4.2.
I get a Logcat warning message saying:
The Source URL is not in white list: 'http://api.etc.com'
Inside my res/xml/cordova.xml I have
<access origin=".*" subdomains="true"/>
This is supposed to whitelist all URL's but no luck, I still get the same warning and FileTransfer error 3.
Any ideas? Can I check if cordova.xml is being parsed at all?
Edit: I'm using a CordovaWebView.
If you are not using DroidGap, you need:
Config.init(this);
In the onCreate of your activity. Otherwise, all whitelisting will fail. Just found this out after two hours of painful digging.
It should work if you change your XML to:
<access origin="*" subdomains="true"/>
This white-lists basically the entire internet. If you only want to white-list your domain, use something more specific. See details here:
http://docs.phonegap.com/en/2.4.0/guide_whitelist_index.md.html
The "origin" attribute is now "uri".
I managed to fix the problem by using PhoneGap 1.9.0 instead of 2.4.0. The errors return when using later versions.
I also managed to get it working by not using CordovaWebView but by using PhoneGap build. But this isn't viable in my case.
If you are using wild card in the whitelist URL configuration, don't use subdomain property.
Looks like you have to be very specific in how you write the tags in config.xml especially when it comes to allowing subdomains - apparently specifying subdomains does not work with wildcards so you need two blocks of tags.
<access origin="*.google.com" />
<access origin="*.googleapis.com" />
<access origin="*.gstatic.com" />
<access origin="*.googleusercontent.com" />
<access origin="google.com" subdomains="true"/>
<access origin="googleapis.com" subdomains="true"/>
<access origin="gstatic.com" subdomains="true"/>
<access origin="googleusercontent.com" subdomains="true"/>