It was recently brought to our attention that Android apps built with Phonegap 3.6.3 on Build were not obeying whitelisting. In addition to your specifed whitelists, Build was also including the following:
We've now fixed this issue, but it may affect some apps behaviour if they were not correctly specifying their accessible domains. So if you're suddenly seeing failed requests in your app, check your whitelists. If you don't specify a whitelist in your config.xml, the defaults in the Cordova template will be used (all access).
FYI, this was a result of this change in Apache Cordova Android.
<access origin="http://*/*"/>
<access origin="https://*/*"/>
We've now fixed this issue, but it may affect some apps behaviour if they were not correctly specifying their accessible domains. So if you're suddenly seeing failed requests in your app, check your whitelists. If you don't specify a whitelist in your config.xml, the defaults in the Cordova template will be used (all access).
FYI, this was a result of this change in Apache Cordova Android.
ryan, Developer
- 1538 Posts
- 132 Reply Likes
Posted 6 years ago
ryan, Developer
- 1538 Posts
- 132 Reply Likes
Also noteworthy is that the following url scheme whitelists were being included by default:
These are now removed if you specify your own whitelist -- you'll need to specify them yourself in your config.xml if you want them present.
<access origin="tel:*" launch-external="yes"/>
<access origin="geo:*" launch-external="yes"/>
<access origin="mailto:*" launch-external="yes"/>
<access origin="sms:*" launch-external="yes"/>
<access origin="market:*" launch-external="yes"/>
These are now removed if you specify your own whitelist -- you'll need to specify them yourself in your config.xml if you want them present.
- 8261 Posts
- 263 Reply Likes
- 27 Posts
- 8 Reply Likes
Hey Ryan,
I've added in the new access nodes to the config file that you noted in your initial post. I am still having issues on certain androids with the whitelisting of my url that I am making webservice calls to. The app worked fine a couple weeks ago, and still works great on iOS and some Android. Would really like it to work on all Androids :).
Please advise.
Thanks.
I've added in the new access nodes to the config file that you noted in your initial post. I am still having issues on certain androids with the whitelisting of my url that I am making webservice calls to. The app worked fine a couple weeks ago, and still works great on iOS and some Android. Would really like it to work on all Androids :).
Please advise.
Thanks.
ryan, Developer
- 1538 Posts
- 132 Reply Likes
What version of Android is running on your problematic device?
Try the full wildcard:
And then run the request again. What is the status code of the response?
Tip: use remote debugging with chrome rather than alerts.
Try the full wildcard:
<access origin="*" />
And then run the request again. What is the status code of the response?
Tip: use remote debugging with chrome rather than alerts.
- 27 Posts
- 8 Reply Likes
The Android version is 4.4, Kitkat.
Will give it anther try now and let you know how it goes.
Thanks for the tip.
Will give it anther try now and let you know how it goes.
Thanks for the tip.
ryan, Developer
- 1538 Posts
- 132 Reply Likes
I'm unable to reproduce, so this is tough for me to debug. But here are some suggestions:
Is only this request failing? Or do requests to all domains fail? Launch your app and try this in the Chrome dev tools console:
Same error?
Also, I don't think
Try some other random requests, with and without JSONP, different domains, etc. Do they always fail?
Is only this request failing? Or do requests to all domains fail? Launch your app and try this in the Chrome dev tools console:
$.ajax({
url: 'http://www.nhl.com',
success: function(data, textStatus ) {
console.log('success!');
}
});
Same error?
Also, I don't think
GETJSONP is a valid request type, though I would assume that this would default to GET so I don't think its the problem, but its a shot in the dark.
Try some other random requests, with and without JSONP, different domains, etc. Do they always fail?
Related Categories
-
PhoneGap Build
- 15111 Conversations
- 275 Followers

