You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by "Michael Burger (JIRA)" <ji...@apache.org> on 2017/08/18 14:28:00 UTC

[jira] [Created] (CB-13194) Http Requests and Same Origin Policy Problems on mobile devices

Michael Burger created CB-13194:
-----------------------------------

             Summary: Http Requests and Same Origin Policy Problems on mobile devices
                 Key: CB-13194
                 URL: https://issues.apache.org/jira/browse/CB-13194
             Project: Apache Cordova
          Issue Type: Bug
          Components: AllComponents
    Affects Versions: cordova@7.0.0
            Reporter: Michael Burger


As so many others I have the problem with a RESTful service we are calling.

This service as so many others has an ORIGIN check. Using Cordova & Ionic doing the request from android app set the origin to file:// which is good for browser cors check but not good for the service, they doesn't allow this schema for origin. As others the allow only empty origin or the same origin.

On many posts I read the wrote you can handle this with whitelist plugin or with CSP. But I think this absolutly incorrect. With whitelist you can not work on the origin header and CSP has nothing to do with it.

So the last few days I spend hundreds of hours and googled and tested different solutions and different plugins. But the solution is not there and not simple.

At the moment I'm testing cordova plugins for http and websocket requests, to do native http and websocket calls, this is working great for the SOP problem but there are some problems with cookies.
I tryied to found a solution on a Custom WebView where we can elimante the Origin header from request but this was to difficult for us.


Can someone help on this problem?

I'm not the only guy which has to call a SOP protected resource over the internet from a mobile hybrid app. Why there is no simple solution for it?



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org