I am updated phonegap build 6.3.4 (Cordova 6.4.0). Until now all ajax calls to server was working fine. It suddenly stopped.
I faced a similar situation with iOS build and it turned to be a a new addition to the Content-Security-Policy. I am wondering if anything has been added for Android?
Finally, is there a proper information on the content-security tags to be added?
plugins
cordova-plugins-whitelist
config.xml
<access origin="http://*" />
<access origin="https://*" />
<allow-navigation href="*" />
<allow-intent href="*" />
index.html
<meta http-equiv="Content-Security-Policy" content="img-src * 'self' data:; default-src * 'self' gap: wss: ws: ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval';">
When you have done everything and still ajax isnt working, its time to look at your SSL. My aha moment was when app worked in debug but not in release mode.
That led to this thread here. Due to wrong SSL implementation Android doesnt detect the certificates.
In Debug mode, android overrides the SSL issues (so it worked). In Release mode it failed silently and caused the problem.
I updated the root certificate / intermediate certificate / site certificates to resolve it
Related
All ajax requests are getting executed properly when I use the monaca debugger app of either ios or android. They are also working fine with the ios app compiled using monaca build.
However the android app (compiled using monaca build) is just not able to make ajax requests (something like a CORS error).
I have the following
<access origin="*"/>
<allow-navigation href="*"/>
lines in the config.xml file
and
<meta http-equiv="Content-Security-Policy" content="default-src * data: gap: content: https://ssl.gstatic.com; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'">
in my index.html file
Can anyone suggest a fix for this pls?
I recently updated my Cordova app to Cordova Android 7.1.1 (from 6.x). I'm using websockets in this app to connect to another app running a websocket server, which used to work fine. Now, after upgrading to Cordova Android 7.1.1, the connection can no longer be established. It fails with this message (from the chrome console):
WebSocket connection to 'ws://192.168.178.20:52998/' failed:
Error in connection establishment: net::ERR_ACCESS_DENIED
No changes were made in the code which is responsible for establishing the connection. It looks like this:
ns.connection = new WebSocket(uri); // uri would be e.g. 'ws://192.168.178.20:52998/'
I cannot find the reason for this. I already tried to add CSP headers and more, but to no avail. I made sure the connection is working in general, so it must be somehow related to changes made from Cordova Android 6.x to 7.x I'd guess.
Changes in Cordova included obeying CORS headers. You have to now make sure your CORS is setup to allow. For example:
config.xml:
<access origin="*" />
<allow-navigation href="*"/>
Content-Security-Policy in index.html:
<meta http-equiv="Content-Security-Policy" content="default-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data:">
I have an Ionic app that has been in the app store for over a year. Now suddenly multiple people are reporting that the app doesn't work. They can't get past the loading screen, which is expected if the phone doesn't have an internet connection.
I have set all the necessary settings in the index.html and config.xml files:
index.html
<meta http-equiv="Content-Security-Policy" content="default-src * data: gap: content: https://ssl.gstatic.com ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:35729; media-src * content: cdvphotolibrary:; img-src * content: data: blob: cdvphotolibrary:">
config.xml
<access origin="*" />
<allow-navigation href="*" />
<allow-intent href="*" />
<plugin name="cordova-plugin-whitelist" spec="^1.3.3" />
I have not changed anything on those settings recently.
The app uses https://sentry.io for error logging, but I also cannot see any errors being sent to sentry, which means that either there are no errors, or the app does not have internet access.
The problem only exists on Android, we have not gotten a single report from iOS users. The Android phones tend to be a little bit older (Android 5 and Android 6), and we had one user report that the error was resolved after upgrading to the latest version.
The only option now is to push out a new release with improved error handling to be able to pinpoint the problem, but it's hard because I can't reproduce it on my test devices and I also can't seem to get any feedback from the devices.
Any help would be greatly appreciated.
So the error was not directly related to a connection issue, but rather to the fact that the app couldn't store the credentials to indexedDB, which lead to all the requests failing because they were unauthenticated.
The issue is described here and should be resolved in a couple of days when chrome releases a new version: Chrome on Android: Granted Quota for IndexedDB suddenly almost 0
The sentry HTTP request failed, probably because of a similar issue. This could be resolved by setting allowSecretKey to true.
< meta http-equiv="Content-Security-Policy" content="default-src 'self' *.xyz.com data: gap: https://ssl.gstatic.com *.xyz.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *;connect-src *">
Please check the above Error message that I am getting in visual studio 2015 when running in device is : FAILED TO LOAD RESOURCE XYZ.COM but the app works fine on ripple browser.
is the issue related to csp? if so how may I fix it?
Through the meta tag you posted. The Ajax call has been enabled in CSP (through directive "connect-src *").
Please first check if XYZ.COM is valid. And try adding the http/https schema to the meta tag directive if you are loading resource from a remote host. ex:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' http://*.xyz.com ";...>
If none of the above works, If you are having cordova-plugin-whitelist, I would suggest you adding the following codes to config.xml under root element:
<access origin="http://*.XYZ.com" />
<allow-intent href="http://*.XYZ.com" />
<allow-navigation href="http://*.XYZ.com"/>
If still nothing works, Could you share a basic demo that can reproduce this problem?
When I run my application either in the Android emulator or on my Android device, I get he following error on all AJAX requests:
Failed to load resource: the server responded with a status of 404 (Not Found)
I have tried all the following steps to solve this problem, but it persists.
Installed the whitelist plugin to the project using npm.
Added <plugin name="cordova-plugin-whitelist" version="1" /> to
config.xml.
Added <uses-permission android:name="android.permission.INTERNET" />
to platforms\android\AndroidManifest.xml.
Added <meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline';"> and <meta http-equiv="X-XSS-Protection" content="0"> to the <head> of www/index.html file.
Added <access origin="*" />, <allow-navigation href="*" /> and
<allow-intent href="*" /> to the config.xml file.
Regardless I still get the same errors. Any ideas?
The project compiles fine. I'm on Windows 7, using Cordova 5.4.0, Android 5.1.1
Removing the whole Android part of the application with:
cordova platform remove android
and adding it again with:
cordova platform add android
solved the problem, which is still a mystery to me.
Perhaps there was something wrong left from the earlier versions of Cordova that wasn't getting on well with the current Cordova version.
I think the problem's with your Content Security Policy meta tag - try adding * to the default-src to open up Ajax requests to anywhere. You could also add a connect-src clause specifically for Ajax requests and list the hosts and protocols you want to be able to access. For example:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; connect-src http://myhost.mydomain.com">
Would allow Ajax requests to http://myhost.mydomain.com
I wrote a blog post addressing this topic that you may find helpful, it can be read here.
Update Android
cordova platform update android#5.1.1
I had the problem for me connect to a php page on my server and I made an update to android