i'm using Browser platform of Cordova, also i'm using cordova-plugin-whitelist
and Content-Security-Policy
tag into my html codes. but i get below error in console:
JQMIGRATE: Migrate is installed, version 3.0.0
adding proxy for Device
SEC7118: XMLHttpRequest for http://app.jpcomplex.com/appserver/?ios=1&username=&devid=1551073647241314 required Cross Origin Resource Sharing (CORS).
index.html
SEC7120: Origin http://localhost:8000 not found in Access-Control-Allow-Origin header.
index.html
SCRIPT7002: XMLHttpRequest: Network Error 0x80070005, Access is denied.
index.html
here is my config.xml:
<?xml version='1.0' encoding='utf-8'?>
<widget id="io.cordova.hellocordova" version="1.0.0" xmlns="http://www.w3.org/ns/widgets" xmlns:cdv="http://cordova.apache.org/ns/1.0">
<name>HelloCordova</name>
<description>
A sample Apache Cordova application that responds to the deviceready event.
</description>
<author email="dev@cordova.apache.org" href="http://cordova.io">
Apache Cordova Team
</author>
<content src="index.html" />
<access origin="*" />
<allow-navigation href="http://app.jpcomplex.com/*" />
<allow-navigation href="*" />
<allow-navigation href="http://*/*" />
<allow-navigation href="https://*/*" />
<allow-navigation href="data:*" />
<allow-intent href="http://app.jpcomplex.com/*" />
<allow-intent href="*" />
<plugin name="cordova-plugin-x-toast" spec="^2.7.2" />
<plugin name="cordova-plugin-dialogs" spec="^2.0.1" />
<plugin name="cordova-plugin-nativestorage" spec="^2.3.2" />
<plugin name="cordova-plugin-device" spec="^2.0.2" />
<plugin name="cordova-plugin-whitelist" spec="^1.3.3" />
<engine name="browser" spec="^5.0.4" />
<engine name="android" spec="^7.1.4" />
<engine name="ios" spec="^4.5.5" />
</widget>
and here is the meta tag:
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
and here is my ajax request:
$.get("http://app.jpcomplex.com/appserver/",{ios:1,username:'test'},function(data){
alert(data);
});
how can i fix it?
My meta CSP is
<meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data: content:; connect-src *;">
And i can normally connect to my endpoints, maybe try to remove the /* in
<allow-navigation href="http://app.jpcomplex.com" />
I've just seen this
SEC7120: Origin http://localhost:8000 not found in Access-Control-Allow-Origin header.
You need to enable CORS on the server (http://app.jpcomplex.com). Check out this site: http://enable-cors.org/
All you need to do is add an HTTP header to the server:
Access-Control-Allow-Origin: http://localhost:8000 Or, for simplicity:
Access-Control-Allow-Origin: *
User contributions licensed under CC BY-SA 3.0