You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cordova.apache.org by Michael Gruber <Mi...@asoluto.com> on 2015/05/04 16:14:15 UTC
cross-domain scripting with xDomain and Cordova
Dear Ladies and Gentleman,
we have to do cross-domain scripting and use xDomain.js (latest). Because we have to support old internet explorers (IE 9+). As far as we understand xDomain uses the window.location which is always file:// in a Cordova-Project v3.8.0. (Android and iOS)
Is there a way to set origin to http:// to allow cross-domain scripting?
Or do you have other suggestions / solutions / ideas to solve this problem?
If we have to move away from xDomain can we use cors?
Best regards,
Michael Gruber, B.Sc.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
For additional commands, e-mail: dev-help@cordova.apache.org
RE: cross-domain scripting with xDomain and Cordova
Posted by Rob Paveza <Ro...@microsoft.com>.
Hi Michael, welcome to the list.
I'm not sure I understand your question entirely. It sounds as if you have an existing web property in which you're using xDomain.js to make cross-domain script requests, and you want to understand how to do this within a Cordova app?
When you package your app for deployment onto a device, your app is served from file:// (for Android and iOS) and from ms-appx:// (for Windows). To allow cross-domain requests, you have to specify the <access origin="(origin)" /> tag in config.xml. Depending on your platform version, you may also need to specify a CSP - (Content Security Policy)[http://content-security-policy.com/] - such as:
script-src 'self' mydomain.mysite.com;
Cordova templates generally ship with a default CSP presently - you put it into your page meta tags - so take a look at what is already there. Some of those are required for Android, others for iOS, so in general, you probably need to be more permissive than what the default template specifies.
For more information, you can check out (cordova-plugin-whitelist)[https://github.com/apache/cordova-plugin-whitelist].
-Rob
-----Original Message-----
From: Michael Gruber [mailto:Michael.Gruber@asoluto.com]
Sent: Monday, May 4, 2015 7:14 AM
To: dev@cordova.apache.org
Subject: cross-domain scripting with xDomain and Cordova
Dear Ladies and Gentleman,
we have to do cross-domain scripting and use xDomain.js (latest). Because we have to support old internet explorers (IE 9+). As far as we understand xDomain uses the window.location which is always file:// in a Cordova-Project v3.8.0. (Android and iOS)
Is there a way to set origin to http:// to allow cross-domain scripting?
Or do you have other suggestions / solutions / ideas to solve this problem?
If we have to move away from xDomain can we use cors?
Best regards,
Michael Gruber, B.Sc.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
For additional commands, e-mail: dev-help@cordova.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
For additional commands, e-mail: dev-help@cordova.apache.org