CORS and phonegap apps

jcm picture jcm · Jan 23, 2014 · Viewed 47.4k times · Source

Do phonegap applications require any CORS changes (like setting Access-Control-Allow-Origin:*) to work? I have a restful API hosted on Heroku and was wondering whether I need to set this header in order for my phonegap application to call the service?

I was thinking that because the phonegap application isn't really hosted on a domain, then CORS isn't required and I won't get any cross domain issues?

It would be great if someone could explain to me why this is or isn't the case.

Answer

user3225827 picture user3225827 · Jan 23, 2014

PhoneGap you can just XHR directly to remote servers and it should "just work". Cross-domain policy does not apply to PhoneGap (for a variety of reasons, basically because your app is essentially running off the file:// URI on-device).

Please be aware that you will have to set up a whitelist for your apps to access these external domains. Please check this link:

http://docs.phonegap.com/en/1.8.0rc1/guide_whitelist_index.md.html#Domain%20Whitelist%20Guide