[jira] [Created] (CB-13194) Http Requests and Same Origin Policy Problems on mobile devices
Michael Burger created CB-13194: --- Summary: Http Requests and Same Origin Policy Problems on mobile devices Key: CB-13194 URL: https://issues.apache.org/jira/browse/CB-13194 Project: Apache Cordova Issue Type: Bug Components: AllComponents Affects Versions: cordova@7.0.0 Reporter: Michael Burger As so many others I have the problem with a RESTful service we are calling. This service as so many others has an ORIGIN check. Using Cordova & Ionic doing the request from android app set the origin to file:// which is good for browser cors check but not good for the service, they doesn't allow this schema for origin. As others the allow only empty origin or the same origin. On many posts I read the wrote you can handle this with whitelist plugin or with CSP. But I think this absolutly incorrect. With whitelist you can not work on the origin header and CSP has nothing to do with it. So the last few days I spend hundreds of hours and googled and tested different solutions and different plugins. But the solution is not there and not simple. At the moment I'm testing cordova plugins for http and websocket requests, to do native http and websocket calls, this is working great for the SOP problem but there are some problems with cookies. I tryied to found a solution on a Custom WebView where we can elimante the Origin header from request but this was to difficult for us. Can someone help on this problem? I'm not the only guy which has to call a SOP protected resource over the internet from a mobile hybrid app. Why there is no simple solution for it? -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org
[jira] [Commented] (CB-8434) XHR contains Origin-Header file://
[ https://issues.apache.org/jira/browse/CB-8434?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16118989#comment-16118989 ] Michael Burger commented on CB-8434: "what the solution was", so at the end you found a solution? > XHR contains Origin-Header file:// > -- > > Key: CB-8434 > URL: https://issues.apache.org/jira/browse/CB-8434 > Project: Apache Cordova > Issue Type: Bug > Components: cordova-android, cordova-lib >Affects Versions: 3.6.3 > Environment: Windows 7(x64), Android 4.4.4, Cordova App >Reporter: Martin > > My Cordova app calls some REST-API which requires CORS. The server itself > responds with a code 403. If I look at the request headers, I see that origin > contains "file://" which is evaluated as invalid on server-side. > Valid origin values would be: "file:///" oder "null". > Any solution to this issue? -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org
[jira] [Commented] (CB-8434) XHR contains Origin-Header file://
[ https://issues.apache.org/jira/browse/CB-8434?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16118913#comment-16118913 ] Michael Burger commented on CB-8434: Hi, did you find a solution for that??? I would be very greatfull to find a solution on this thx! > XHR contains Origin-Header file:// > -- > > Key: CB-8434 > URL: https://issues.apache.org/jira/browse/CB-8434 > Project: Apache Cordova > Issue Type: Bug > Components: cordova-android, cordova-lib >Affects Versions: 3.6.3 > Environment: Windows 7(x64), Android 4.4.4, Cordova App >Reporter: Martin > > My Cordova app calls some REST-API which requires CORS. The server itself > responds with a code 403. If I look at the request headers, I see that origin > contains "file://" which is evaluated as invalid on server-side. > Valid origin values would be: "file:///" oder "null". > Any solution to this issue? -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org
