Refused to connect to any URLs in Cordova android app
I am developing a Cordova Android mobile app. Using Sencha touch as UI framework. within the app im making web service calls. It used to work fine with old version of Cordova, recently upgraded the Cordova proj to 5.0.0, from then on not able to access any of the web services on Newer version of the Android devices. I have included the whitelisting plugin in the project. have also included the following meta tag in index.html
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *">
config.xml :
<content src="index.html" />
<access origin="*" />
<allow-intent href="http://*/*" />
<allow-intent href="https://*/*" />
<allow-intent href="tel:*" />
<allow-intent href="sms:*" />
<allow-intent href="mailto:*" />
<allow-intent href="geo:*" />
While running the app the following error is thrown,
"Refused to connect to 'http://my-server-url.ss.yy.com:8080/SomeServ/rest/someapp/appdata?_dc=1433398248330' because it violates the following Content Security Policy directive: "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-inline' 'unsafe-eval'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
Im unable to move forward from here. Tried lot of suggestions on google but of no use. Please guide me with this what is the missing piece here.
Note : within the app im connecting to more than one servers.
thanks in advance!!
Answer
You need to add the servers URL on your meta tag, this way:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' my-server-url.ss.yy.com:8080 data: gap: https://ssl.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; connect-src *">
Then connections to my-server-url.ss.yy.com:8080 will be allowed by Security Policy.