I have referred https://github.com/apache/cordova-plugin-whitelist and added below to my config.xml:
<plugin name="cordova-plugin-whitelist" spec="~1.3.0"/>
<access origin="*" subdomains="true"/>
<!-- A wildcard can be used to whitelist the entire network,
over HTTP and HTTPS.
*NOT RECOMMENDED* -->
<allow-navigation href="*"/>
<allow-intent href="*"/>
<allow-intent href="http://*/*" />
<allow-intent href="https://*/*" />
<allow-intent href="tel:*" />
<allow-intent href="sms:*" />
<allow-intent href="mailto:*" />
<allow-intent href="geo:*" />
<platform name="android">
<allow-intent href="market:*" />
</platform>
I also have the below permission in my AndroidManifest.xml:
<uses-permission android:name="android.permission.INTERNET" />
And below is the CSP declaration in the index.html:
<meta http-equiv="Content-Security-Policy"
content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *;script-src 'self' localhost:35729 84.254.133.91:8080 'unsafe-inline' 'unsafe-eval';connect-src *">
And the server is running # 84.254.133.91:8080
Here is the code with http post call:
var req = {
method: 'POST',
url: $rootScope.labels.IP + $rootScope.labels.USER_ID_CREATE_URL,
data: {
userId: $scope.newUserIdCreate.username,
password: $scope.newUserIdCreate.password,
}
};
var res = $http(req);
res.success(function (data, status, headers, config) {
alert("request success:" + JSON.stringify({ data: data }));
});
res.error(function (data, status, headers, config) {
alert("request failed:" + JSON.stringify({ data: data }));
});
None of the $http requests are going through. I have spent nearly 2 days and referred 'n' number of articles but still can't crack this issue.
Further, I added a href link to 'google/facebook', and I am able to access these websites from the App.
Using the web app by running 'ionic serve' works perfectly fine. From the Android apk, none of the requests are hitting the server.
What is the missing configuration?
After much investigation over several days, the issue was same as that CORS issue with Tomcat and Android Webview
Adding the CordovaOriginWrapper as mentioned in one of the answers in the above question resolved the issue.
This is tricky and the ionic documentation never talks about this behavior. Ionic documentation needs to be updated with this behavior.
Related
ajax.post works great in the browser but doesn't work on the real android device(and I don't know how I can see the error because I have left browser environment).
I think I have a problem with Internet permission or origin restriction. I have read about ManifestAndroid.xml but I can't find it in my project.(no such file)
How can I fix this? Thanks in advance
Here is my config.xml:
<access origin="*" />
<allow-intent href="http://*/*" />
<allow-intent href="https://*/*" />
<allow-intent href="tel:*" />
<allow-intent href="sms:*" />
<allow-intent href="mailto:*" />
<allow-intent href="geo:*" />
<platform name="android">
<allow-intent href="market:*" />
</platform>
<platform name="ios">
<allow-intent href="itms:*" />
<allow-intent href="itms-apps:*" />
</platform>
Here is index.html restrictions:
<access origin="http://example.com" />
<meta http-equiv="Content-Security-Policy"
content="default-src * 'self' 'unsafe-inline' data: gap: 'unsafe-eval';
style-src * 'self' 'unsafe-inline';
connect-src * ;
script-src * 'self' 'unsafe-inline';
media-src *">
I had this problem with my Angular 2 App, the things I did are follows:
1) When you load Android Studio, you can select File->Profile APK to debug/run you APK, then you can look at the logcat to see any error messages.
2) Add the allow-navigation tag in config.xml
You need to add the Whitelist plugin to the plugin section of the config
3) What is the URL that you are making the request to? My big problem was that I was using relative URLs and because my Web App is on the device not the server, my relative path was pointing to file protocol file:// not http://.
So I would recommend making sure the URLs are absolute, ie http://, overwise your app could be doing a post to the file system not that's why it's failing
I have Phonegap build app for android made with html + javascript (jquery). Yesterday it was working perfectly. Today ajax calls does't perform anymore. Sample code:
$(document).ready(function(){
setTimeout(function(){
$.ajax({
url: urlPrefix + "/xxxxx",
dataType: "jsonp",
jsonpCallback: "indexCallback"
});
alert('Ajax praejo');
},2000);
});
function indexCallback(response) {
alert('callback prasideda');
}
Alert after ajax call is showing, but alert in indexCallback function not appearing. Ajax calls external back-end server. I have made loging of calls in back-end server, but no call appears.
I have tried to make timeout before ajax is calling, but no result.
I white listed all possible domains in config.xml file:
<plugin name="cordova-plugin-whitelist" version="1" />
<access origin="*" />
<allow-intent href="http://*/*" />
<allow-intent href="https://*/*" />
<allow-intent href="tel:*" />
<allow-intent href="sms:*" />
<allow-intent href="mailto:*" />
<allow-intent href="geo:*" />
<platform name="android">
<allow-intent href="market:*" />
</platform>
<platform name="ios">
<allow-intent href="itms:*" />
<allow-intent href="itms-apps:*" />
</platform>
<allow-navigation href="http://*/*" />
<allow-navigation href="https://*/*" />
<allow-navigation href="data:*" />
Everything works fine when i load index.html (ajax calls to external back-end) file into desktop browser.
Any ideas ?
I had a similiar problem with my app on android devices. After days of research i found following blog post. The certificate from our cert authority(top 4 ) was part of a bug in google webview. After updating the webview and chrome on the devices everything worked again.
Test again with the deviceready listener.
http://docs.phonegap.com/en/1.0.0/phonegap_events_events.md.html
document.addEventListener("deviceready", onDeviceReady, false);
function onDeviceReady() {
setTimeout(function(){
$.ajax({
url: urlPrefix + "/xxxxx",
dataType: "jsonp",
jsonpCallback: "indexCallback"
});
alert('Ajax praejo');
},2000);
}
function indexCallback(response) {
alert('callback prasideda');
}
Check your contents meta data.
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
I have a cordova android app for showing news from a JSON web service
the ajax request work on web browser but not work on android when i create the .apk file
the link of the app https://github.com/Adib12/technologia
My config file
<?xml version='1.0' encoding='utf-8'?>
<widget id="io.cordova.hellocordova" version="0.0.1" xmlns="http://www.w3.org/ns/widgets" xmlns:cdv="http://cordova.apache.org/ns/1.0">
<name>Technologia</name>
<description>
Suivre les actualités des nouvelles technologies
</description>
<author email="dev#cordova.apache.org" href="http://cordova.io">
Aouadi Adib ( AdibDev )
</author>
<content src="index.html" />
<plugin name="cordova-plugin-whitelist" spec="1" />
<access origin="*" />
<allow-intent href="http://*/*" />
<allow-intent href="https://*/*" />
<allow-intent href="tel:*" />
<allow-intent href="sms:*" />
<allow-intent href="mailto:*" />
<allow-intent href="geo:*" />
<platform name="android">
<allow-intent href="market:*" />
</platform>
<platform name="ios">
<allow-intent href="itms:*" />
<allow-intent href="itms-apps:*" />
</platform>
</widget>
I need help
From the Github link you posted, it looks like you are trying to connect to a localhost URL. This won't work when running on a device, so you'll need to change that to the name of the resource you're connecting to, or its IP address (best to use DNS name).
Additionally I notice you don't have a Content-Security-Policy meta tag in the head section of your index.html - you will need one of these for Cordova 5 and higher... this specifies what resources your app can connect to. Assuming your service that you want to make an Ajax request to is running at http://myserver.mydomain.com, your CSP meta tag would need to look something like this:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; connect-src http://myserver.mydomain.com">
I wrote a blog post that covers set up of Content Security Policy for Android and iOS here.
Please change localhost to a valid server name in your www/js/script.js, specifically here:
$.ajax({
type: "POST",
url: "http://localhost/sv/connect.php",
data: formData,
cache: false,
dataType: 'JSON',
success: onSucces,
error: onError
});
and add a Content Security Policy meta tag to your www/index.html in the head section.
I have created an Android-app with Cordova and on an emulator it works like a charm. When I tried to run it on a device I didn't get past the login-screen because I got an error saying: "Origin is not allowed by Access-Control-Allow-Origin". Is this a CSP issue within Cordova or is it something wrong with my server?
Some of Config.xml:
<access origin="*" />
<access origin="baseUrlToServer.com" />
<allow-intent href="http://*/*" />
<allow-intent href="https://*/*" />
<allow-intent href="tel:*" />
<allow-intent href="sms:*" />
<allow-intent href="mailto:*" />
<allow-intent href="geo:*" />
And my CSP metatag in Index.html:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' *UrlToServer.com;
style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'"/>
Have anyone stumbled across something similar and have an idea? Help would be much appreciated :)
The issue is server-side.
Your server has to respond with some HTTP RESPONSE HEADERS among which :
Access-Control-Allow-Origin: *
On apache2, for example
<IfModule mod_headers.c>
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
</IfModule>
I have been testing my app using ionic serve while developing and everything is working fine. I am now trying to export the apk using ionic build android, then storing the file 'android-debug.apk' on my web server and downloading it via a phone's browser and installing it to test it in the real world.
The app installs OK, but won't let me make any $http requests. I have installed the plugin cordova-plugin-whitelist, and also added the following to my config.xml file:
<plugin name="cordova-plugin-whitelist" spec="1" />
<access origin="*" />
<allow-navigation href="*" />
<allow-intent href="*" />
<allow-intent href="http://*/*" />
<allow-intent href="https://*/*" />
<allow-intent href="tel:*" />
<allow-intent href="sms:*" />
<allow-intent href="mailto:*" />
<allow-intent href="geo:*" />
<platform name="android">
<allow-intent href="market:*" />
</platform>
<platform name="ios">
<allow-intent href="itms:*" />
<allow-intent href="itms-apps:*" />
</platform>
As well as that, I have added this into my main index.html file:
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
Can someone tell me why the requests are still failing please?
I have tested on 2 different servers, both have CORS enabled and this has been verified using Postman.
Thanks for any help
Edit:
My $http request looks like this:
$http.get('http://url.com/request').then(function(res) {
console.log('success');
console.log(res);
}, function(res) {
console.log('error');
console.log(res);
});
After enabling remote chrome debugging, I get an error alert, following by an object which has:
data: null,
status: 0,
statusText: ""
Looks like I needed to add:
<uses-permission android:name="android.permission.INTERNET" />
into platforms/android/AndroidManifest.xml. Working OK now!