Using phonegap version 6.5.2 I'm trying to whitelist domains for an Android application's data and media requests.
In config.xml I have:
<access origin="*" />
as well as a few specific domains:
<access origin="http://example.com" />
<access origin="http://fonts.googleapis.com" />
I've also tried putting this in my root index.html, which should allow all domains, right?:
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
But I'm still getting nothing but 404 errors when my app tries to load content.
What gives?
The basic rules to follow in case of 404 errors in a Cordova Android app are as follows:
Check whether the cordova whitelist plugin is installed properly
Check whether allow access origin is set properly in config.xml
Check whether content security policy is set properly in your HTML files
These steps should address almost all the problems related to 404 errors provided the requested URLs are up and running. Hope it helps. Cheers
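The config.xml checks listed above can be scripted. This Node.js audit is an added example, not part of the original answer: the sample config is constructed, and the glob matching in `patternCovers` is a simplified assumption rather than Cordova's own matching code. It also reports wildcard entries, which make a request succeed without showing whether the specific domain entries are correct.

```javascript
// Added example: audit a Cordova config.xml for the whitelist checks listed above.
// SAMPLE_CONFIG is constructed input that mirrors the entries quoted in the question.
const SAMPLE_CONFIG = `<?xml version="1.0" encoding="UTF-8"?>
<widget id="com.example.app" version="1.0.0">
  <plugin name="cordova-plugin-whitelist" spec="^1.3.3" />
  <access origin="*" />
  <access origin="http://example.com" />
  <access origin="http://fonts.googleapis.com" />
  <allow-navigation href="*" />
</widget>`;

// Collect the value of `attr` from every <tag ...> element (regex scan, not an XML parser).
function attrValues(xml, tag, attr) {
  const re = new RegExp(`<${tag}\\b[^>]*\\b${attr}\\s*=\\s*["']([^"']*)["']`, 'g');
  return [...xml.matchAll(re)].map(m => m[1]);
}

// Simplified glob match of a whitelist pattern against the origin of the target URL.
function patternCovers(pattern, target) {
  if (pattern === '*') return true;
  const origin = new URL(target).origin;
  const escaped = pattern.replace(/\/+$/, '').replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*') + '$').test(origin);
}

// Patterns that allow every host: "*", "http://*", "https://*".
const isWildcard = p => p === '*' || /^https?:\/\/\*$/.test(p);

function auditConfig(xml, target) {
  const access = attrValues(xml, 'access', 'origin');
  const covering = access.filter(p => patternCovers(p, target));
  return {
    whitelistPluginDeclared: attrValues(xml, 'plugin', 'name').includes('cordova-plugin-whitelist'),
    targetCovered: covering.length > 0,
    coveredOnlyByWildcard: covering.length > 0 && covering.every(isWildcard),
    wildcardEntries: [
      ...access.filter(isWildcard).map(p => `access origin="${p}"`),
      ...attrValues(xml, 'allow-navigation', 'href').filter(isWildcard).map(p => `allow-navigation href="${p}"`),
    ],
  };
}
```

A plugin declared in config.xml is not necessarily installed in the platform build; `cordova plugin ls` shows what is actually installed.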
Not sure where the problem was, but after uninstalling and re-installing the whitelist plugin, and restarting the simulator, everything seems to be working. Thanks @Gandhi for pointing me in that direction.
I have an Ionic app that has been in the app store for over a year. Now suddenly multiple people are reporting that the app doesn't work. They can't get past the loading screen, which is expected if the phone doesn't have an internet connection.
I have set all the necessary settings in the index.html and config.xml files:
index.html
<meta http-equiv="Content-Security-Policy" content="default-src * data: gap: content: https://ssl.gstatic.com ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:35729; media-src * content: cdvphotolibrary:; img-src * content: data: blob: cdvphotolibrary:">
config.xml
<access origin="*" />
<allow-navigation href="*" />
<allow-intent href="*" />
<plugin name="cordova-plugin-whitelist" spec="^1.3.3" />
I have not changed anything on those settings recently.
The app uses https://sentry.io for error logging, but I also cannot see any errors being sent to sentry, which means that either there are no errors, or the app does not have internet access.
The problem only exists on Android, we have not gotten a single report from iOS users. The Android phones tend to be a little bit older (Android 5 and Android 6), and we had one user report that the error was resolved after upgrading to the latest version.
The only option now is to push out a new release with improved error handling to be able to pinpoint the problem, but it's hard because I can't reproduce it on my test devices and I also can't seem to get any feedback from the devices.
Any help would be greatly appreciated.
So the error was not directly related to a connection issue, but rather to the fact that the app couldn't store the credentials to indexedDB, which led to all the requests failing because they were unauthenticated.
The issue is described here and should be resolved in a couple of days when Chrome releases a new version: Chrome on Android: Granted Quota for IndexedDB suddenly almost 0
The sentry HTTP request failed, probably because of a similar issue. This could be resolved by setting allowSecretKey to true.
I have updated to phonegap build 6.3.4 (Cordova 6.4.0). Until now all ajax calls to the server were working fine. They suddenly stopped.
I faced a similar situation with the iOS build and it turned out to be a new addition to the Content-Security-Policy. I am wondering if anything has been added for Android?
Finally, is there proper information on the content-security tags to be added?
plugins
cordova-plugins-whitelist
config.xml
<access origin="http://*" />
<access origin="https://*" />
<allow-navigation href="*" />
<allow-intent href="*" />
index.html
<meta http-equiv="Content-Security-Policy" content="img-src * 'self' data:; default-src * 'self' gap: wss: ws: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval';">
When you have done everything and ajax still isn't working, it's time to look at your SSL. My aha moment was when the app worked in debug but not in release mode.
That led to this thread here. Due to a wrong SSL implementation, Android doesn't detect the certificates.
In Debug mode, Android overrides the SSL issues (so it worked). In Release mode it failed silently and caused the problem.
I updated the root certificate / intermediate certificate / site certificates to resolve it.
I have a fiori app that has an embedded IFRAME that makes XMLHttpRequest. The IFRAME src is pointing to "https://myserver:port/some/path/iframe.html" and the request within the page is made to the same server - "https://myserver:port/some/path/request_uri" (POST request).
This works fine in desktop/mobile browser and Fiori app for iOS but it fails for the Android app with "404 Not Found (from cache)". I'm not sure why it loads the page fine (https://myserver:port/some/path/iframe.html) but fails the request.
Some research seems to indicate that this is caused by Cordova and that I need to add the cordova plugin whitelist - GitHub - apache/cordova-plugin-whitelist: Mirror of Apache Cordova plugin whitelist.
It looks like the request should work fine with the following in the config.xml
<access origin="*" />
But it's not working. I've even tried adding very loosely configured CSP meta tag in the iframe page as well as the LaunchPad page:
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'">
But the request still seems to be blocked and returns "404 Not Found (from cache)".
Does anyone have any idea how to fix this issue?
You could perhaps try adding allow-navigation to the config.xml.
<allow-navigation href="myserver:port/*/*" />
https://cordova.apache.org/docs/en/latest/reference/cordova-plugin-whitelist/
You might also try using the logcat tool for Android. It might be possible to pinpoint the problem using it.
When I run my application either in the Android emulator or on my Android device, I get the following error on all AJAX requests:
Failed to load resource: the server responded with a status of 404 (Not Found)
I have tried all the following steps to solve this problem, but it persists.
Installed the whitelist plugin to the project using npm.
Added <plugin name="cordova-plugin-whitelist" version="1" /> to config.xml.
Added <uses-permission android:name="android.permission.INTERNET" /> to platforms\android\AndroidManifest.xml.
Added <meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline';"> and <meta http-equiv="X-XSS-Protection" content="0"> to the <head> of www/index.html file.
Added <access origin="*" />, <allow-navigation href="*" /> and <allow-intent href="*" /> to the config.xml file.
Regardless I still get the same errors. Any ideas?
The project compiles fine. I'm on Windows 7, using Cordova 5.4.0, Android 5.1.1
Removing the whole Android part of the application with:
cordova platform remove android
and adding it again with:
cordova platform add android
solved the problem, which is still a mystery to me.
Perhaps there was something wrong left from the earlier versions of Cordova that wasn't getting on well with the current Cordova version.
I think the problem's with your Content Security Policy meta tag - try adding * to the default-src to open up Ajax requests to anywhere. You could also add a connect-src clause specifically for Ajax requests and list the hosts and protocols you want to be able to access. For example:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; connect-src http://myhost.mydomain.com">
Would allow Ajax requests to http://myhost.mydomain.com
I wrote a blog post addressing this topic that you may find helpful, it can be read here.
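The connect-src behaviour described in the answer above, as an added example that is not part of the original post: it parses a policy, picks the directive that governs Ajax requests (connect-src, falling back to default-src) and tests a URL against it. The source matching is a simplified model of CSP rather than a full implementation, and the `file://` app origin is an assumption about the WebView.

```javascript
// Added example: which CSP directive governs XHR/fetch, and does it allow a given URL?
// Policy quoted from the answer above.
const ANSWER_POLICY = "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; " +
  "style-src 'self' 'unsafe-inline'; media-src *; connect-src http://myhost.mydomain.com";

function parseCsp(policy) {
  const directives = new Map();
  for (const chunk of policy.split(';')) {
    const [name, ...sources] = chunk.trim().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// Simplified source matching: "*", 'self', scheme sources and scheme://host[:port].
function sourceAllows(source, url, selfOrigin) {
  if (source === '*') return ['http:', 'https:'].includes(url.protocol); // not data:, gap:, ...
  if (source === "'self'") return url.origin === selfOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^([a-z][a-z0-9+.-]*):\/\/(\*\.)?([^\/:*]+)(?::(\d+|\*))?/i.exec(source);
  if (!m) return false; // keywords such as 'unsafe-inline' never match a URL
  const [, scheme, wildcard, host, port] = m;
  const schemeOk = url.protocol === scheme.toLowerCase() + ':' ||
    (scheme.toLowerCase() === 'http' && url.protocol === 'https:'); // http source also covers https
  const hostOk = wildcard
    ? url.hostname.endsWith('.' + host.toLowerCase())
    : url.hostname === host.toLowerCase();
  const portOk = port === '*' || (port || '') === url.port; // no port means the default port
  return schemeOk && hostOk && portOk;
}

// selfOrigin defaults to file://, an assumption about how the WebView loads www/.
function checkAjax(policy, target, selfOrigin = 'file://') {
  const directives = parseCsp(policy);
  const directive = directives.has('connect-src') ? 'connect-src'
    : directives.has('default-src') ? 'default-src' : null;
  if (!directive) return { directive, allowed: true }; // nothing restricts the request
  const url = new URL(target);
  const allowed = directives.get(directive).some(s => sourceAllows(s, url, selfOrigin));
  return { directive, allowed };
}
```

Once a connect-src directive is present it replaces default-src for XHR, fetch and WebSocket, so adding it to a policy whose default-src is `*` narrows what the app can reach.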
Update Android
cordova platform update android@5.1.1
I had the problem connecting to a PHP page on my server, and I made an update to Android.
I'm working on a JavaScript app wrapped in Cordova and built with Phonegap Build. We're including cordova-plugin-whitelist from npm in our build and have added <access origin="*" /> to our config.xml and an open CSP (<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">) in our index.html. The app works fine on Android and talks to our server without issues, but on iOS all requests fail immediately as if the whitelist plugin isn't letting traffic through.
I've tried a number of different build configurations in case something broke in a particular version of Cordova, but haven't been able to get this to work at all. I've had a similar issue with other Phonegap/Cordova apps in the past but was able to solve it with the whitelist plugin/CSP/access rule.
This issue has also been difficult to debug since the Safari Developer Tools won't connect to the iOS device and I'm having to alert the responses I'm seeing. It looks like the response coming back has a status code 0 and an empty body, which I'm assuming just means unreachable.
You may well need to set the connect-src in your Content-Security-Policy, for example:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; connect-src http://YOUR_HOST">
Additionally for Xcode 7 / iOS 9 you will need to adjust the ATS settings to allow connections to non https backends if you aren't using SSL:
Here's a working example of the change to your app's Info.plist:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
(Note you can also configure this to selectively allow non https connections).
And here's a script you could use as a pre build hook for iOS to do this automatically:
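#!/bin/bash
# Pre-build hook: add an App Transport Security exception to the iOS Info.plist.
echo "Adjusting plist for App Transport Security exception."
# Errors are discarded, for example when the key already exists.
val=$(/usr/libexec/PlistBuddy -c "add NSAppTransportSecurity:NSAllowsArbitraryLoads bool true" platforms/ios/PROJECTNAME/PROJECTNAME-Info.plist 2>/dev/null)
echo "Done"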
Just swap out PROJECTNAME for the name of your project.
Change your access tag to:
<access origin="https://yourdomain.com" requires-certificate-transparency='false' allows-arbitrary-loads-in-web-content='true'/>
It will update the Info.plist file accordingly in the NSAppTransportSecurity entry.
Source: https://cordova.apache.org/docs/en/latest/guide/appdev/whitelist/#ios-whitelisting