Michael Burger created CB-13194:
-----------------------------------
Summary: Http Requests and Same Origin Policy Problems on mobile
devices
Key: CB-13194
URL: https://issues.apache.org/jira/browse/CB-13194
Project: Apache Cordova
Issue Type: Bug
Components: AllComponents
Affects Versions: cordova@7.0.0
Reporter: Michael Burger
As so many others I have the problem with a RESTful service we are calling.
This service as so many others has an ORIGIN check. Using Cordova & Ionic doing
the request from android app set the origin to file:// which is good for
browser cors check but not good for the service, they doesn't allow this schema
for origin. As others the allow only empty origin or the same origin.
On many posts I read the wrote you can handle this with whitelist plugin or
with CSP. But I think this absolutly incorrect. With whitelist you can not work
on the origin header and CSP has nothing to do with it.
So the last few days I spend hundreds of hours and googled and tested different
solutions and different plugins. But the solution is not there and not simple.
At the moment I'm testing cordova plugins for http and websocket requests, to
do native http and websocket calls, this is working great for the SOP problem
but there are some problems with cookies.
I tryied to found a solution on a Custom WebView where we can elimante the
Origin header from request but this was to difficult for us.
Can someone help on this problem?
I'm not the only guy which has to call a SOP protected resource over the
internet from a mobile hybrid app. Why there is no simple solution for it?
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org
