What is the right way of connect to a REST API with content security policy in a Phonegap/cordova Android APP

Question

I have successfully developed a Phonegap hybrid App, it worked well on emulators but unable to post to a remote server when installed on android device. I configured white list plugin and my config.xml contains

 <plugin name="cordova-plugin-whitelist" version="1" />   
 <access origin="*"/>
<allow-navigation href="http://*/*"/>
<allow-intent href="http://*/*" />
<allow-intent href="https://*/*" />
<allow-intent href="tel:*" />
<allow-intent href="sms:*" />
<allow-intent href="mailto:*" />
<allow-intent href="geo:*" />
<platform name="android">
    <allow-intent href="market:*" />
</platform>
<platform name="ios">
    <allow-intent href="itms:*" />
    <allow-intent href="itms-apps:*" />
</platform>

and my index page contains

 <meta http-equiv="Content-Security-Policy" content="default-src 'self' gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src *; connect-src *">

I am using Cordova 5.3.3 but yet nothing seems to work.

Please can anybody tell me what I am doing wrong. Thanks

Answer 1

The white-listing configuration and the Content Security Policy I posted in my question are correct and sufficient to get an hybrid app deployed on android platform connected to a remote API.

The problem was the API itself, as the app does connected well with other API. Initially we are using a play framework to develop our API, which has some issue responding to client request on the hybrid APP.

We then create a PHP proxy script which gets the request from the client and passes same to the play server.

That is it.

Answer 2

Try the following

    <plugin name="cordova-plugin-whitelist" source="npm" spec="1.1.0" />
    <allow-navigation href="*" />
    <allow-intent href="*" />
    <access origin="*" />

    <preference name="permissions" value="none"/>