Reputation: 91
Consume asp.net web api2 service in phonegap mobile app
I've developed a asp.net web api2 service to use in phonegap mobile application.
Asp.net web api2 service is running fine
I've tested it from any site like localhost/abc or www.abc.com by ajax call. The response is ok
But phonegap have no response.
I've used
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
</customHeaders>
in my service.
I've used
<access origin=".*" />
in phonegap.
But no result.
Please help me in resolving this.
Upvotes: 0
Views: 521
Answers (1)
Reputation:
@Debashis,
in all likelyhood you have NOT implemented the CSP (Content Security Policy). This policy needs to implmented at the webpage level. See below.
Quick to many common white-list problems
The alternative is this quick fix – but know that this fix removes all needs for white-list. This creates a security issue which you may not want to by pass.
QUICK FIX Add this to your config.xml
<preference name="phonegap-version" value="3.7.0" />
The long answer is as such:
From Top Mistakes by Developers new to Cordova/Phonegap you have hit:
- #6 Not setting the "phonegap version" for your compiler
- #7 Not setting "version" for you plugins
- #10 Not adding the new "white-list" and "white-list plugin" parameters in config.xml.
For #6 & #7
With the CLI version, if you do not assign a version for your platform OR in ''Phonegap Build'' if you do not set the phonegap-version in config.xml, YOU WILL GET THE LATEST VERSION. If you are lucky, your program just works as expected. If you are not lucky, you'll get a set of cascading errors.
Luckily for all of us, Holly Schinsky has written a nice blog post to explain it all:
Cordova/PhoneGap Version Confusion
http://devgirl.org/2014/11/07/cordovaphonegap-version-confusion/
For #10
This relatively * NEW * requirement means – to access ANY website or resources on the web, you MUST use the whitelist and the whitelist plugin. This requirement goes into affect, if you are using [email protected] or better; including cli-5.1.1 and cli-5.2.0. If however, your version is before 4.0.0, let's say 3.5.0 or 3.7.0, then you will not have to add the white-list requirement.
To be clear, the "whitelist" has been around for a bit, but the plugin and requirement is very new. As you would expect, when the "whitelist" was added, the defacto open-access feature was deprecated. Or said another way, the defacto open-access feature was planned and scheduled to be eliminated. This change marks a step in removal of the open-access feature.
In addition, the Content Security Policy (CSP) has caught numerous developers - because it was soooo poorly publicized. Depending on your use and the version of Phonegap you are using, the CSP needs to go in every single HTML page you used, just like you have to wait for 'deviceready'. However, there are cases where it is not needed at all. The documentation is confusing for some, please read it carefully. The documentation is buried in the bottom of many of the latest documentation pages.
Related Links
Phonegap Build Forum: Notes for upgrading to cli-5.1.1 on PGB and now required Whitelist
Upvotes: 1
Related Questions
- Mobile App and Web App Api Hitting
- Phonegap and asp.net webapi user authentication
- PhoneGap client with ASP.NET server
- how to call RESTful web service in phonegap application?
- Consuming ASP.NET Web API from ASP.NET MVC and mobile devices
- Consuming ASP.NET Web Service From Phonegap
- JQuery Mobile + WebApi + PhoneGap
- Phonegap + Webservice
- how to call a asp.net webservice in android using phonegap
- PhoneGap - Call asp.net webservice