CORS and phonegap apps

Question

Do phonegap applications require any CORS changes (like setting Access-Control-Allow-Origin:*) to work? I have a restful API hosted on Heroku and was wondering whether I nee

Answer 1

None of the default Cordova (PhoneGap) platforms require CORS, despite the fact that the HTML files are hosted locally (file://) and are accessing a web domain.

However, on iOS, if you switch from the UIWebView to the newer WKWebView via cordova-plugin-wkwebview-engine, you will indeed have to implement CORS.

Answer 2

PhoneGap you can just XHR directly to remote servers and it should "just work". Cross-domain policy does not apply to PhoneGap (for a variety of reasons, basically because your app is essentially running off the file:// URI on-device).

Please be aware that you will have to set up a whitelist for your apps to access these external domains. Please check this link:

http://docs.phonegap.com/en/1.8.0rc1/guide_whitelist_index.md.html#Domain%20Whitelist%20Guide

Answer 3

Yes You have to activate CORS on he server that hosts your API. I am running a Phonegap App on iOs. My app requests json from a server API on Apache. I activate CORS on the server to get the data otherwise I get nothing in my application, no error and no data.

Notice that the access parameter in the config file lets you filter which domain your application is authorized to query but does nothing with the server's permissions.

Answer 4

As of cordova 5 you will need to add the whitelist plugin

https://github.com/apache/cordova-plugin-whitelist

In config.xml add

<!-- Don't block any requests -->
<access origin="*" />