Reputation: 709
I know that there are more topics about this and I went through them, but nothing worked, so that is why I am writing a new one:
I am trying to create an AJAX read request on the Android platform (but iOS is planned too). Every try ends up with some error.
What I have done:
1) I have cordova whitelist plugin installed (comes with cordova installation)
2) I have various definitions in config.xml, last definition of each type (access, allow-intent, allow-navigation) is set to * for testing purposes
3) I have (I think) all allow access definitions in \platforms\android\app\src\main\AndroidManifest.xml
4) I have tried various html meta tags
5) I have tried removing and re-adding the android platform
6) I have tried to restart mobile device
7) I have tried mobile data, wifi, even both of them
8) ajax request is over http, not https
9) ajax request is in linked testAjax.js in $(document).ready(...)
About these meta tags:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-inline' *">
<!-- This policy allows everything (eg CSS, AJAX, object, frame, media, etc) except that
* CSS only from the same origin and inline styles,
* scripts only from the same origin and inline styles, and eval()
-->
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
gets the same as above.
<!-- Good default declaration:
* gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
* https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
* Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
* Enable inline JS: add 'unsafe-inline' to default-src
* Enable eval(): add 'unsafe-eval' to default-src
-->
<meta http-equiv="Content-Security-Policy" content="default-src 'unsafe-inline' 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
<meta http-equiv="Content-Security-Policy" content="default-src 'self' http://mytestdomain.com data: gap: https://ssl.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; connect-src *">
I tried quite a few more, but there is always one of these 3 errors
Also, here is my config.xml:
<?xml version='1.0' encoding='utf-8'?>
<widget id="com.TG.app" version="1.0.0" xmlns="http://www.w3.org/ns/widgets" xmlns:cdv="http://cordova.apache.org/ns/1.0">
    <name>TG</name>
    <description>
        A sample Apache Cordova application that responds to the deviceready event.
    </description>
    <author email="[email protected]" href="http://cordova.io">
        Apache Cordova Team
    </author>
    <content src="index.html" />
    <access origin="http://mytestdomain.com" />
    <access origin="http://mytestdomain.com/*" />
    <access origin="*" />
    <allow-intent href="http://*/*" />
    <allow-intent href="https://*/*" />
    <allow-intent href="tel:*" />
    <allow-intent href="sms:*" />
    <allow-intent href="mailto:*" />
    <allow-intent href="geo:*" />
    <allow-intent href="gap:*" />
    <allow-intent href="*" />
    <allow-navigation href="http://*/*" />
    <allow-navigation href="https://*/*" />
    <allow-navigation href="data:*" />
    <allow-navigation href="http://mytestdomain.com" />
    <allow-navigation href="*" />
    <platform name="android">
        <allow-intent href="market:*" />
    </platform>
    <platform name="ios">
        <allow-intent href="itms:*" />
        <allow-intent href="itms-apps:*" />
    </platform>
    <plugin name="cordova-plugin-googlemaps" spec="^2.2.5">
        <variable name="API_KEY_FOR_ANDROID" value="mykey" />
        <variable name="API_KEY_FOR_IOS" value="mykey" />
        <variable name="PLAY_SERVICES_VERSION" value="11.8.0" />
        <variable name="ANDROID_SUPPORT_V4_VERSION" value="24.1.0" />
    </plugin>
    <preference name="Orientation" value="portrait" />
    <plugin name="cordova-plugin-whitelist" spec="^1.3.3" />
    <engine name="browser" spec="^5.0.3" />
    <engine name="android" spec="^7.0.0" />
</widget>
In Android manifest I have
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
So any idea what is wrong here and how to make it work? (Even if everything will be open, security is not a question here, I just need to make it work in any way)
Thanks in advance :)
Upvotes: 0
Views: 1461
Reputation: 709
OK, I have found a solution. The key was to delete the "self" keyword from default-src. So this works:
<meta http-equiv="Content-Security-Policy" content="default-src 'unsafe-inline' 'unsafe-eval' *">
Hope they will update the Cordova documentation soon, because this is not covered, and following all their suggested meta tags, same as following all guides here on StackOverflow, results in failure, as everybody has the "self" keyword there.
Upvotes: 1
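An added example, not part of the original posts: a simplified model of how a browser decides whether a Content-Security-Policy permits an AJAX request, run against two policies quoted in this thread and one constructed, narrower policy (`NARROWED`). It assumes the app page is loaded from `file:///android_asset/www/`, uses a constructed request URL, and models only CSP source matching, not the config.xml allowlist or CORS, which can block a request independently.

```javascript
// Simplified CSP source matching for XHR/fetch; ignores paths, ports and wildcard subdomains.
// Parse "name src src; name src" into a Map of directive -> source list.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Does one source expression match the request URL?
function sourceMatches(source, url, documentOrigin) {
  const target = new URL(url);
  // '*' covers http(s) URLs but not data:, blob: or filesystem:.
  if (source === '*') return ['http:', 'https:'].includes(target.protocol);
  // A file:// document has an opaque origin ("null"), so 'self' cannot match a web host.
  if (source === "'self'") return documentOrigin !== 'null' && target.origin === documentOrigin;
  if (/^'.*'$/.test(source)) return false; // 'unsafe-inline', 'unsafe-eval': not URL sources
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return target.protocol === source.toLowerCase();
  try {
    return new URL(source).origin === target.origin; // host-source with scheme
  } catch {
    return false; // scheme-less hosts are outside this model
  }
}

// XHR/fetch is governed by connect-src, falling back to default-src.
function policyAllowsConnect(policy, url, documentUrl) {
  const directives = parsePolicy(policy);
  const sources = directives.get('connect-src') || directives.get('default-src');
  if (!sources) return true; // neither directive present: unrestricted
  const origin = new URL(documentUrl).origin;
  return sources.some((s) => sourceMatches(s, url, origin));
}

// Every policy delivered with the page is enforced; a request must pass all of them.
function pageAllowsConnect(policies, url, documentUrl) {
  return policies.every((p) => policyAllowsConnect(p, url, documentUrl));
}

const DOC = 'file:///android_asset/www/index.html'; // assumed document URL
const API = 'http://mytestdomain.com/data.json';    // constructed request URL
const GOOD_DEFAULT = "default-src 'unsafe-inline' 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *";
const NARROWED = "default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *; connect-src http://mytestdomain.com";
const WIDE_OPEN = "default-src 'unsafe-inline' 'unsafe-eval' *";
console.log([GOOD_DEFAULT, NARROWED, WIDE_OPEN].map((p) => policyAllowsConnect(p, API, DOC)));
```

In this model the "good default" tag has no `connect-src`, so the request falls back to `default-src` and is refused, while the narrowed policy permits the single API origin without putting `*`, `'unsafe-inline'` or `'unsafe-eval'` in `default-src`.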