It was recently brought to our attention that Android apps built with Phonegap 3.6.3 on Build were not obeying whitelisting. In addition to your specifed whitelists, Build was also including the following:
We've now fixed this issue, but it may affect some apps behaviour if they were not correctly specifying their accessible domains. So if you're suddenly seeing failed requests in your app, check your whitelists. If you don't specify a whitelist in your config.xml, the defaults in the Cordova template will be used (all access).
FYI, this was a result of this change in Apache Cordova Android.
<access origin="http://*/*"/>
<access origin="https://*/*"/>
We've now fixed this issue, but it may affect some apps behaviour if they were not correctly specifying their accessible domains. So if you're suddenly seeing failed requests in your app, check your whitelists. If you don't specify a whitelist in your config.xml, the defaults in the Cordova template will be used (all access).
FYI, this was a result of this change in Apache Cordova Android.
ryan, Developer
- 1538 Posts
- 132 Reply Likes
Posted 6 years ago
ryan, Developer
- 1538 Posts
- 132 Reply Likes
Also noteworthy is that the following url scheme whitelists were being included by default:
These are now removed if you specify your own whitelist -- you'll need to specify them yourself in your config.xml if you want them present.
<access origin="tel:*" launch-external="yes"/>
<access origin="geo:*" launch-external="yes"/>
<access origin="mailto:*" launch-external="yes"/>
<access origin="sms:*" launch-external="yes"/>
<access origin="market:*" launch-external="yes"/>
These are now removed if you specify your own whitelist -- you'll need to specify them yourself in your config.xml if you want them present.
- 8261 Posts
- 263 Reply Likes
- 27 Posts
- 8 Reply Likes
Hey Ryan,
I've added in the new access nodes to the config file that you noted in your initial post. I am still having issues on certain androids with the whitelisting of my url that I am making webservice calls to. The app worked fine a couple weeks ago, and still works great on iOS and some Android. Would really like it to work on all Androids :).
Please advise.
Thanks.
I've added in the new access nodes to the config file that you noted in your initial post. I am still having issues on certain androids with the whitelisting of my url that I am making webservice calls to. The app worked fine a couple weeks ago, and still works great on iOS and some Android. Would really like it to work on all Androids :).
Please advise.
Thanks.
Petra V., Champion
- 7794 Posts
- 1391 Reply Likes
Poor Ryan!
Now, he will have to find "certain androids" in wich unspecified "issues" occur, hoping that you really included the access nodes exactly as described, without knowing which "the app" with "my url" you are referring to.
You are aware that helpdesk crews absolutely love mystery meat, right?
Now, he will have to find "certain androids" in wich unspecified "issues" occur, hoping that you really included the access nodes exactly as described, without knowing which "the app" with "my url" you are referring to.
You are aware that helpdesk crews absolutely love mystery meat, right?
- 27 Posts
- 8 Reply Likes
Hey Petra,
Sorry that your having problems retaining the topic of the initial post. The "issue" this post is discussing is obviously about a whitelisting change that is effecting Androids ability to access specified domains. They obviously found something and its obviously not completely fixed yet.
One of the devices still posing an issue is the Motorola DROID Mini.
App ID is #1003200.
If you felt my post needed to be more descriptive you could have just said. Trying to be snide just makes you look like the fool.
Thanks for your input.
Sorry that your having problems retaining the topic of the initial post. The "issue" this post is discussing is obviously about a whitelisting change that is effecting Androids ability to access specified domains. They obviously found something and its obviously not completely fixed yet.
One of the devices still posing an issue is the Motorola DROID Mini.
App ID is #1003200.
If you felt my post needed to be more descriptive you could have just said. Trying to be snide just makes you look like the fool.
Thanks for your input.
ryan, Developer
- 1538 Posts
- 132 Reply Likes
Hi Dustin,
I'd suggest that you start by removing all of your whitelists, in which case the wildcard will be used which should allow all access. Do you still see your issue? If so, what error code do you see in your response?
Also, when providing your App ID, please also provide reproduction steps in your app, so that we can reproduce your problematic request. You can send to build at phonegap.com if you want.
I'd suggest that you start by removing all of your whitelists, in which case the wildcard will be used which should allow all access. Do you still see your issue? If so, what error code do you see in your response?
Also, when providing your App ID, please also provide reproduction steps in your app, so that we can reproduce your problematic request. You can send to build at phonegap.com if you want.
- 27 Posts
- 8 Reply Likes
So do you want me to leave only this:
or this:
Thanks for the advice. I'll shoot an email with reproduction steps now.
<access origin="*" />
or this:
<access origin="*" />
<access origin="http://*/*"/>
<access origin="https://*/*"/>
Thanks for the advice. I'll shoot an email with reproduction steps now.
ryan, Developer
- 1538 Posts
- 132 Reply Likes
What version of Android is running on your problematic device?
Try the full wildcard:
And then run the request again. What is the status code of the response?
Tip: use remote debugging with chrome rather than alerts.
Try the full wildcard:
<access origin="*" />
And then run the request again. What is the status code of the response?
Tip: use remote debugging with chrome rather than alerts.
- 27 Posts
- 8 Reply Likes
The Android version is 4.4, Kitkat.
Will give it anther try now and let you know how it goes.
Thanks for the tip.
Will give it anther try now and let you know how it goes.
Thanks for the tip.
ryan, Developer
- 1538 Posts
- 132 Reply Likes
I'm unable to reproduce, so this is tough for me to debug. But here are some suggestions:
Is only this request failing? Or do requests to all domains fail? Launch your app and try this in the Chrome dev tools console:
Same error?
Also, I don't think
Try some other random requests, with and without JSONP, different domains, etc. Do they always fail?
Is only this request failing? Or do requests to all domains fail? Launch your app and try this in the Chrome dev tools console:
$.ajax({
url: 'http://www.nhl.com',
success: function(data, textStatus ) {
console.log('success!');
}
});
Same error?
Also, I don't think
GETJSONP is a valid request type, though I would assume that this would default to GET so I don't think its the problem, but its a shot in the dark.
Try some other random requests, with and without JSONP, different domains, etc. Do they always fail?
Related Categories
-
PhoneGap Build
- 15111 Conversations
- 275 Followers


