I know, that there are more topics about this and I got through them, but nothing worked, so that is why I am writing the new one:
I am trying to create AJAX read request on Android platform (but iOS is planed too). Every try ends up with some error.
What I have done:
1) I have cordova whitelist plugin installed (comes with cordova installation)
2) I have various definitions in config.xml, last definition of each type (access, allow-intent, allow navigation) is set to * for testing purposes
3) I have (I think) all allow access definitions in \platforms\android\app\src\main\AndroidManifest.xml
4) I have tried various html meta tags
5) I have tried removig and re-adding android platform
6) I have tried to restart mobile device
7) I have tried mobile data, wifi, even both of them
8) ajax request is over http, not https
9) ajax request is in linked testAjax.js in $(document).ready(...)
About theese meta tags:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-inline' *">
<!-- This policy allows everything (eg CSS, AJAX, object, frame, media, etc) except that
* CSS only from the same origin and inline styles,
* scripts only from the same origin and inline styles, and eval()
-->
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
gets the same as above.
<!-- Good default declaration:
* gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
* https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
* Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
* Enable inline JS: add 'unsafe-inline' to default-src
* Enable eval(): add 'unsafe-eval' to default-src
-->
<meta http-equiv="Content-Security-Policy" content="default-src 'unsafe-inline' 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
<meta http-equiv="Content-Security-Policy" content="default-src 'self' http://mytestdomain.com data: gap: https://ssl.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; connect-src *">
I tried quite a few more, but there is always one of theese 3 errors
Also, here is my config.xml:
<?xml version='1.0' encoding='utf-8'?>
<widget id="com.TG.app" version="1.0.0" xmlns="http://www.w3.org/ns/widgets" xmlns:cdv="http://cordova.apache.org/ns/1.0">
<name>TG</name>
<description>
A sample Apache Cordova application that responds to the deviceready event.
</description>
<author email="dev@cordova.apache.org" href="http://cordova.io">
Apache Cordova Team
</author>
<content src="index.html" />
<access origin="http://mytestdomain.com" />
<access origin="http://mytestdomain.com/*" />
<access origin="*" />
<allow-intent href="http://*/*" />
<allow-intent href="https://*/*" />
<allow-intent href="tel:*" />
<allow-intent href="sms:*" />
<allow-intent href="mailto:*" />
<allow-intent href="geo:*" />
<allow-intent href="gap:*" />
<allow-intent href="*" />
<allow-navigation href="http://*/*" />
<allow-navigation href="https://*/*" />
<allow-navigation href="data:*" />
<allow-navigation href="http://mytestdomain.com" />
<allow-navigation href="*" />
<platform name="android">
<allow-intent href="market:*" />
</platform>
<platform name="ios">
<allow-intent href="itms:*" />
<allow-intent href="itms-apps:*" />
</platform>
<plugin name="cordova-plugin-googlemaps" spec="^2.2.5">
<variable name="API_KEY_FOR_ANDROID" value="mykey" />
<variable name="API_KEY_FOR_IOS" value="mykey" />
<variable name="PLAY_SERVICES_VERSION" value="11.8.0" />
<variable name="ANDROID_SUPPORT_V4_VERSION" value="24.1.0" />
</plugin>
<preference name="Orientation" value="portrait" />
<plugin name="cordova-plugin-whitelist" spec="^1.3.3" />
<engine name="browser" spec="^5.0.3" />
<engine name="android" spec="^7.0.0" />
</widget>
In Android manifest I have
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
So any idea, what is wrong here and how to make it working? (Even if everything will be open, security is not a question here, I just need to make it work in any way)
Thanks in advance :)