dovs36921 2016-12-29 17:10
Accepted

php-cordova: securing backend files

I am using Cordova to create an Android app and I am using php-mysql as the backend.

I am fetching/sending data from the database via AJAX. As you know, we can't fetch the data directly due to the CORS issue. To fetch the data remotely we need to add header("Access-Control-Allow-Origin: *");

The problem is it makes my backend exposed, because anyone can try to fetch the data from the backend, which I don't want.

Please advise how I can make it secure.

Thanks

1 answer

  • dpdp42233 2016-12-29 21:53

    You can remove header("Access-Control-Allow-Origin: *"); from your backend service.

    After that, for your Cordova application you need to install the whitelist plugin and configure it.

    Add this in your config.xml:

    <access origin="*" />
    <allow-navigation href="*"/>
    

    Include the Content-Security-Policy meta in your HTML page.

    <meta http-equiv="Content-Security-Policy" content="default-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data:">
    
    This answer was selected by the asker as the best answer.
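
The wildcard header from the question beside an allowlisted alternative, as an added example that is not part of the original thread. Browsers are the only clients that enforce CORS headers, so the endpoint also verifies a bearer token; the origin value, the token scheme and the function names are assumptions.

```php
<?php
// Added example, not from the thread. Origin list, token and function names are assumptions.
declare(strict_types=1);

// Weak setting from the question: header("Access-Control-Allow-Origin: *");
// Hypothetical allowlist: put the exact Origin value your app's WebView sends here.
const ALLOWED_ORIGINS = ['https://app.example.com'];

// Returns the CORS headers for an allowlisted Origin, or [] for anything else.
function cors_headers(?string $origin, array $allowed): array
{
    if ($origin === null || !in_array($origin, $allowed, true)) {
        return []; // no ACAO header, so a browser blocks the cross-origin read
    }
    return [
        'Access-Control-Allow-Origin: ' . $origin, // exact value, never "*"
        'Vary: Origin',                            // caches must not mix origins
        'Access-Control-Allow-Headers: Authorization, Content-Type',
        'Access-Control-Allow-Methods: GET, POST, OPTIONS',
    ];
}

// CORS is enforced by browsers only; a script or curl ignores it, so each
// request must also carry a credential that the server verifies.
function is_authenticated(?string $authHeader, string $expectedHash): bool
{
    if ($authHeader === null || !preg_match('/^Bearer\s+(\S+)$/', $authHeader, $m)) {
        return false;
    }
    return hash_equals($expectedHash, hash('sha256', $m[1])); // constant-time compare
}

foreach (cors_headers($_SERVER['HTTP_ORIGIN'] ?? null, ALLOWED_ORIGINS) as $h) {
    header($h);
}
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'OPTIONS') {
    http_response_code(204); // preflight gets headers only, never data
    exit;
}
// Constructed demo value; in practice, the stored hash of a per-user token issued at login.
$expected = hash('sha256', 'constructed-demo-token');
if (!is_authenticated($_SERVER['HTTP_AUTHORIZATION'] ?? null, $expected)) {
    http_response_code(401);
    exit;
}
header('Content-Type: application/json');
echo json_encode(['ok' => true]);
```

Some Apache/PHP setups do not pass the Authorization header through to `$_SERVER['HTTP_AUTHORIZATION']`; confirm it arrives before relying on the 401 path.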