Cordova can not access to AJAX

-1

i'm using Browser platform of Cordova, also i'm using cordova-plugin-whitelist and Content-Security-Policy tag into my html codes. but i get below error in console:

JQMIGRATE: Migrate is installed, version 3.0.0 
adding proxy for Device 
SEC7118: XMLHttpRequest for http://app.jpcomplex.com/appserver/?ios=1&username=&devid=1551073647241314 required Cross Origin Resource Sharing (CORS). 
index.html
SEC7120: Origin http://localhost:8000 not found in Access-Control-Allow-Origin header. 
index.html
SCRIPT7002: XMLHttpRequest: Network Error 0x80070005, Access is denied.
index.html

here is my config.xml:

<?xml version='1.0' encoding='utf-8'?>
<widget id="io.cordova.hellocordova" version="1.0.0" xmlns="http://www.w3.org/ns/widgets" xmlns:cdv="http://cordova.apache.org/ns/1.0">
    <name>HelloCordova</name>
    <description>
        A sample Apache Cordova application that responds to the deviceready event.
    </description>
    <author email="dev@cordova.apache.org" href="http://cordova.io">
        Apache Cordova Team
    </author>
    <content src="index.html" />
    <access origin="*" />
    <allow-navigation href="http://app.jpcomplex.com/*" />
    <allow-navigation href="*" />
    <allow-navigation href="http://*/*" />
    <allow-navigation href="https://*/*" />
    <allow-navigation href="data:*" />
    <allow-intent href="http://app.jpcomplex.com/*" />
    <allow-intent href="*" />
    <plugin name="cordova-plugin-x-toast" spec="^2.7.2" />
    <plugin name="cordova-plugin-dialogs" spec="^2.0.1" />
    <plugin name="cordova-plugin-nativestorage" spec="^2.3.2" />
    <plugin name="cordova-plugin-device" spec="^2.0.2" />
    <plugin name="cordova-plugin-whitelist" spec="^1.3.3" />
    <engine name="browser" spec="^5.0.4" />
    <engine name="android" spec="^7.1.4" />
    <engine name="ios" spec="^4.5.5" />
</widget>

and here is the meta tag:

<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">

and here is my ajax request:

$.get("http://app.jpcomplex.com/appserver/",{ios:1,username:'test'},function(data){
    alert(data);
});

how can i fix it?

ajax
cordova
access-control
asked on Stack Overflow Feb 25, 2019 by saleh

1 Answer

-1

My meta CSP is

<meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data: content:; connect-src *;">

And i can normally connect to my endpoints, maybe try to remove the /* in 

<allow-navigation href="http://app.jpcomplex.com" />

I've just seen this

SEC7120: Origin http://localhost:8000 not found in Access-Control-Allow-Origin header.

You need to enable CORS on the server (http://app.jpcomplex.com). Check out this site: http://enable-cors.org/

All you need to do is add an HTTP header to the server:

Access-Control-Allow-Origin: http://localhost:8000 Or, for simplicity:

Access-Control-Allow-Origin: *

answered on Stack Overflow Feb 25, 2019 by nano • edited Feb 25, 2019 by nano

User contributions licensed under CC BY-SA 3.0