3

I have Cordova > 4.0.0, so it has CSP and Whitelist security measures.

In the browser I can make the request to the API, but in an Android device it gives me this error:

file:///http:/xxx.xxx.xxx/api/Login/DoLogin

Failed to load resource: net::ERR_FILE_NOT_FOUND

I searched for a solution, but nothing worked.

My config.xml has this fields (according to Cordova Whitelist Plugin documentation):

 <allow-navigation href="*" />
 <allow-intent href="*" />
 <access origin="*" />"

INFO: I tryed multiple combination's of this parameter's, with the URL of the Api. (Ex: <access origin="http://xxx.xxx.xxx/" subdomains="true" />)

In my Index.html I have this CSP:

 <meta http-equiv="Content-Security-Policy" 
 content="default-src *; style-src * 'self' 'unsafe-inline' 'unsafe-eval';
               script-src * 'self' 'unsafe-inline' 'unsafe-eval';">

INFO: In here I have tried other combination's of CSP according to Cordova Whitelist Plugin

So, before anyone ask I have installed:

  • cordova-whitelist-plugin

And using Restangular for the requests.

I can't figure it out, can someone help me?

EDIT: Request Code

var baseLogin = Restangular.all('http:/xxx.xxx.xxx/api/Login/DoLogin');

dataApi.doLogin = function (var1, var2, var3, var4, var5) {
    // $http() returns a $promise that we can add handlers with .then()
    var parameter = null;
        parameter = {
            var1: var1,
            var2: var2,
            var3: var3,
            var4: var4,
            var5: var5
        };
    return baseLogin.post(parameter);
};

I use Ionic, so it has CORS issues in browser, to resolve that I use a proxy in ionic.project file, but it's only called in the browser, in the device it is not using this.

Improve this question
7
  • Can you post the stack trace? Commented Jan 19, 2016 at 12:28
  • 1
    Doesn't look like an content security policy related error. It rather seems your url is wrong: I guess it should look like http:/xxx.xxx.xxx/api/Login/DoLogin without the file:/// Commented Jan 19, 2016 at 12:36
  • 1
    @Phonolog I was going to add exactly that. As the phone is acessing "remotely" the file there is not needed and causing an internal exception. Commented Jan 19, 2016 at 12:39
  • I don't know where the file:// is coming from, that is why. I will try with $resource or $http, to see if it changes anything Commented Jan 19, 2016 at 12:51
  • 1
    I'm not familiar with Restangular, so i can't really help to figure out what's wrong here, maybe it's even a bug in Restangular. For a quick fix i would suggest to do a simple post with $http, this worked fine on my android device... Commented Jan 19, 2016 at 13:18

1 Answer 1

Reset to default
1

Try to remove the "file" from your url, as @Phonolog commented out.

It's not necessary and it may be causing an internal exception on the phone. Try to use just http:/xxx.xxx.xxx/api/Login/DoLogin, as you would with an WCF service. Also be sure that this endpoint is properly configured to accept incoming requests.

Addendun: Also, you should be careful with these tags:

<allow-navigation href="*" />
<allow-intent href="*" />
<access origin="*" />"

These means allowing access to everything, and also allows communications with others applications/services. So be careful, this can cause a security issue in the future.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

I know what this mean, It's for debug purpose only, I was just trying to put it to work, and I can't even with access to everything I noticed the file:// but I don't make the request to that URL, something is changing my URL and prepend it with file://. And I don't know what. I'm using Restangular, to make the request.
I did not understand your comment, sorry. You don't mal? Did it not work? If it did not, what was the exception this time?
Sorry, it was sent unfinished.
Maybe adding some of the code where you do your api call might help to resolve this...
@pcagica it's okay, we're here to help. Add some more code as Phonolog requested, if you don't mind.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.