I've seen many posts about implementing cordova whitelist plugin but after a full week of testing i still haven't spotted what's my mistake.
This ajax call throws these alerts:
xhr {"readystate":0,"status":0,"statustext":"error"}.
status "error"
error ""
$.ajax({
url: 'http://www.example.com/my_file.php',
data: {type: 'test', code: '11'},
method: "GET",
dataType: "json",
timeout: 5000,
success: function (data) {
alert('done '+JSON.stringify(data));
},
error: function (xhr, status, error) {
alert('xhr '+JSON.stringify(xhr));
alert('status'+JSON.stringify(status));
alert('error '+JSON.stringify(error));
}
});
I updated my phonegap build app with the new cordova whitelist implementation adding this to the meta:
<meta http-equiv="Content-Security-Policy" content="default-src data: gap: https://ssl.gstatic.com 'unsafe-eval' *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.example.com; connect-src 'self' http://www.example.com">
this to the config.xml:
<gap:plugin name="cordova-plugin-whitelist" source="npm"/>
<allow-navigation href="*" />
<allow-intent href="*" />
<access origin="*" />
and this in the js before ajax calls:
$.support.cors=true;
I'm using all the wildcards at the moment for the testing, i'll change later. This is the server php file i'm calling:
<?php
header("Access-Control-Allow-Origin: *");
header('Content-Type: application/json');
$data = json_encode(array($_GET));
echo $data;
?>
Phonegap build version cli-5.2.0
Android 4.1.1
any help will be appreciated
Try this in your config.xml
<access origin="*"/>
<access origin="tel:*" launch-external="yes"/>
<allow-navigation href="*"/>
<allow-navigation href="http://*/*"/>
<allow-navigation href="https://*/*"/>
<allow-navigation href="data:*"/>
<allow-intent href="*"/>
<access origin="*"/>
Related
Cors issue specifically in Internet Explorer only when
calling API from ajax call.
1)Request header content-type was not present in the Access-Control-Allow-
Headers list
2)XMLHttpRequest: Network Error 0x80070005, Access is denied.
I tried by followings
xhrFields: {
withCredentials: true
}
also by setting
...
crossDomain: true
...
headers: {
'Access-Control-Allow-Origin': '*'
},
Ajax call
var url = "https://dev-connectivity.dummylink";
var data = JSON.stringify({
"lang": "en",
"ClientId": "asdfasf3452345c42352345c",
"CountryCode": "34"
});
$.ajax({
url: url,
type: 'POST',
contentType: 'application/json; charset=utf-8',
headers: {
'Access-Control-Allow-Origin': '*' },
data: data,
success: function (data) {
alert("tets");
},
error: function (error) {
alert("error");
}
});
//My api Webconfig code
<httpProtocol>
<customHeaders>
<remove name="Access-Control-Allow-Origin" />
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="*" />
<add name="Access-Control-Allow-Headers" value="*" />
</customHeaders>
</httpProtocol>
// also Enabling Cors in startup
services.AddCors(o => o.AddPolicy("CorsPolicy", builder =>
{
builder.AllowAnyMethod()
.AllowAnyHeader();
}));
app.UseCors("CorsPolicy");
IE doesn't accept Content-Type header if you have provided * in you web.config file so to fix this issue, you need to manually add Content-Type header in Access-Control-Allow-Headers list inside your web.config file.
<customHeaders>
<remove name="Access-Control-Allow-Origin" />
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type, Any-Other-Header" />
</customHeaders>
at the moment, in my app, I have a screen where the user click on "send" and send some data to ther server (a wcf service).
Now, I'd like to add a feature: in addition to the actual sent data, the user has to take a photo and send it with the other parameters.
I have added the plugin (camera) and create the template.
function capturePhoto() {
alert("1");
navigator.camera.getPicture(onPhotoDataSuccess, onFail, {
quality: 50,
destinationType: navigator.camera.DestinationType.FILE_URI,
//destinationType: navigator.camera.DestinationType.NATIVE_URI,
//sourceType: sourceType.CAMERA
});
}
function onPhotoDataSuccess(imageData) {
alert("S");
var smallImage = document.getElementById('myImage');
smallImage.style.display = 'block';
smallImage.src = "data:image/jpeg;base64," + imageData;
image = "data:image/jpeg;base64," + imageData;
alert("Image = " + image);
}
function onFail(message) {
alert('Failed because: ' + message);
}
I'm sure I have to manage something in the onSuccess function, but how can I reach my goal? After the picture is taken, I have to send it adding the picture as parameters here:
$.ajax({
type: "POST",
contentType: "application/json",
dataType: "json",
url: url,
data: JSON.stringify({ "data": date_str, "PICTUREHERE":pictureHere }),
success: function (output) {
//my stuff
},
error: function (XMLHttpRequest, textStatus, errorThrown) {
//my error stuff
}
});
My deviceReady function is:
$(document).on("deviceready", function () {
navigator.splashscreen.hide();
});
I think in server side the "pictureHere" parameter has to be a byte[], but I don't know how to manage the app side.
UPDATE: my config.xml
<widget id="com.devexpress.apptemplate" version="1.0" versionCode="1">
<name>ApplicationTemplate</name>
<description>Template</description>
<author email="info#info.com" href="http://www.info.com/">info</author>
<preference name="permissions" value="none" />
<preference name="prerendered-icon" value="true" />
<preference name="android-windowSoftInputMode" value="adjustPan" />
<!--<preference name="phonegap-version" value="cli-7.0.1" />-->
<!--<preference name="SplashScreen" value="splash" />-->
<preference name="SplashScreenDelay" value="60000" />
<preference name="AutoHideSplashScreen" value="false" />
<preference name="SplashShowOnlyFirstTime" value="false" />
<preference name="FadeSplashScreen" value="false" />
<preference name="ShowSplashScreenSpinner" value="false" />
<preference name="DisallowOverscroll" value="true" />
<preference name="StatusBarOverlaysWebView" value="false" />
<preference name="StatusBarBackgroundColor" value="#000000" />
<preference name="android-minSdkVersion" value="14" />
<preference name="android-targetSdkVersion" value="22" />
<!--<plugin name="cordova-plugin-file" />-->
<!--<plugin name="cordova-plugin-camera" />-->
<plugin name="cordova-plugin-camera" spec="^2.4.1">
<variable name="CAMERA_USAGE_DESCRIPTION" value=" " />
<variable name="PHOTOLIBRARY_USAGE_DESCRIPTION" value=" " />
</plugin>
<plugin name="cordova-plugin-splashscreen" onload="true" />
<plugin name="cordova-plugin-whitelist" />
<plugin name="cordova-plugin-ios-longpress-fix" />
<plugin name="cordova-plugin-statusbar" onload="true" />
<access origin="*" />
</widget>
In my html page I added
<img id="myImage" />
function getImage() {
// Retrieve image file location from specified source
navigator.camera.getPicture(function(pictureHere){
$.ajax({
type: "POST",
contentType: "application/json",
dataType: "json",
url: url,
data: JSON.stringify({ "data": date_str, "PICTUREHERE":pictureHere}),
success: function (output) {
//my stuff
},
error: function (XMLHttpRequest, textStatus, errorThrown) {
//my error stuff
}
});
}, function (message) {
Alert("Error", "error");
}, {
quality: 50,
destinationType: navigator.camera.DestinationType.FILE_URI,
sourceType: navigator.camera.PictureSourceType.PHOTOLIBRARY
}
);
}
pictureHere has to be base64 string
I have a Cordova application in which the first page is a login that does an Ajax request to an external server.
I have added Content-Policy-Security meta tag as follows:
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src: 'self' 'unsafe-inline' 'unsafe-eval'>
The Login function gets called and is accessed but the $.ajax function seems to be completely ignored.
Before the function is called I've set
$.support.cors = true;
In my config.xml file I have the following
<feature name="Whitelist">
<param name="android-package" value="org.apache.cordova.whitelist.WhitelistPlugin" />
</feature>
<access origin="*" subdomains="true" />
<allow-navigation href="*" />
<access origin="http://*.nutshellapps.co.uk" />
<allow-navigation href="http://*.nutshellapps.co.uk" />
<allow-intent href="http://*/*" />
<allow-intent href="https://*/*" />
I have added all of the above as a precautionary measure.
The nutshellapps.co.uk sub domain is what people will be logging in to with their credentials. So I have added the http://*.nutshellapps.co.uk to the access origin.
Is my meta tag correct?
I have a mixture of both inline styles and js, and css/js files containing code.
This worked on the previous version of Cordova that I used (3.5.0), but now this is causing major errors. If i run the application on the browser, it works fine, so I obviously know its the whitelist plugin/a cross domain issue.
Anyone else had this problem?
My ajax call is below
$.ajax({
url: serviceURL + "Json/Authentication/login",
type: "GET",
data: {'data':JSON.stringify(loginData)},
dataType: "jsonp",
crossDomain: true,
success: function(data) {
console.log(data);
},
error: function(jqXmlHttpRequest, textStatus, errorThrown) {
console.log('error');
});
The content security policy meta tag that you posted seems to be malformed:
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src: 'self' 'unsafe-inline' 'unsafe-eval'>
There is no closing ".
For Cordova, you also want to have the gap: protocol set and https://ssl.gstatic.com for Android, so I would suggest trying:
<meta http-equiv="Content-Security-Policy" content="default-src * data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *;">
You could also add connect-src in there if you want to specify different connect hosts versus your default-src.
A blog post that discusses these issues can be found here.
I managed to solve this by adding the following to the top of my index.html
<meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; connect-src *">
I realise this isn't exactly safe, but I cannot get anything else to work.
Also, I made sure my WhitelistPlugin was loaded as the app started up in my config.xml
<feature name="Whitelist">
<param name="android-package" value="org.apache.cordova.whitelist.WhitelistPlugin" />
<param name="onload" value="true" />
</feature>
Using :
PGB cli-5.2.0
cordova-plugin-whitelist (i've tried both https://build.phonegap.com/plugins/4178 and plugins/3401 )
Refering to ( https://github.com/lukesmith123/whitelist-2/blob/18a8ce4/README.md ) i added <allow-navigation href="*" /> , <allow-intent href="*" />, <access origin="*" />
My app is using an ajax request to get data from http that has "Access-Control-Allow-Origin", "*".
But still get: Error Failed to load resource: the server responded with a status of 404, yet on localhost it works just fine.
What could i be missing?
Finally got it working.
I put this CSR metta tag in the html <head>
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline'; media-src *">
And put this cordova-plugin-whitelist in the config.xml
<gap:plugin name="cordova-plugin-whitelist" source="npm" />
<allow-navigation href="http://*/*" />
<allow-intent href="https://*/*" />
Phew!!!
I have a webservice in the same domain of my site. I have an ajax call to consult that webservice and works fine from IE but from Chrome and Firefox, I cannot make it work.
My ajax call is:
$.ajax({
type: 'POST',
async: false
data: xml,
url: url,
dataType: "xml",
success: function (data, textStatus, XmlHttpRequest) {
//On sucess action
},
error: function (XMLHttpRequest, textStatus, errorThrown) {
//On error action
},
headers: {
"Content-Type": "text/xml; charset=utf-8",
"SOAPAction": soapAction,
"Content-Length": xml.length + 1
}
});
But from chrome and firefox I receive:
XMLHttpRequest cannot load https://mydomain:83/<webservice>/<webservice>.asmx. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://mydomain' is therefore not allowed access. The response had HTTP status code 500.
I add to the webconfig:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="https://mydomain"/>
<add name="Access-Control-Allow-Origin" value="http://mydomain"/>
<add name="Access-Control-Allow-Credentials" value="true"/>
</customHeaders>
</httpProtocol>
But no luck. Any idea what am I missing?
I gave up to soon. In my particular case, this do the trick for Chrome and Firefox
<add name="Access-Control-Allow-Origin" value="https://mydomain" />
<add name="Access-Control-Allow-Headers" value="Content-Type, SOAPAction" />
<add name="Access-Control-Allow-Methods" value="GET, POST" />