[
https://issues.apache.org/jira/browse/CB-13194?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joe Bowser resolved CB-13194.
-----------------------------
Resolution: Not A Problem
This is the issue tracker, not a help forum. It would be better to ask this on
Stack Overflow, or on a similar forum.
> Http Requests and Same Origin Policy Problems on mobile devices
> ---------------------------------------------------------------
>
> Key: CB-13194
> URL: https://issues.apache.org/jira/browse/CB-13194
> Project: Apache Cordova
> Issue Type: Bug
> Components: cordova-android
> Affects Versions: [email protected]
> Reporter: Michael Burger
> Priority: Major
> Labels: security
>
> As so many others I have the problem with a RESTful service we are calling.
> This service as so many others has an ORIGIN check. Using Cordova & Ionic
> doing the request from android app set the origin to file:// which is good
> for browser cors check but not good for the service, they doesn't allow this
> schema for origin. As others the allow only empty origin or the same origin.
> On many posts I read the wrote you can handle this with whitelist plugin or
> with CSP. But I think this absolutly incorrect. With whitelist you can not
> work on the origin header and CSP has nothing to do with it.
> So the last few days I spend hundreds of hours and googled and tested
> different solutions and different plugins. But the solution is not there and
> not simple.
> At the moment I'm testing cordova plugins for http and websocket requests, to
> do native http and websocket calls, this is working great for the SOP problem
> but there are some problems with cookies.
> I tryied to found a solution on a Custom WebView where we can elimante the
> Origin header from request but this was to difficult for us.
> Can someone help on this problem?
> I'm not the only guy which has to call a SOP protected resource over the
> internet from a mobile hybrid app. Why there is no simple solution for it?
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
