$.ajax POST returning “status”:403,“statusText”:“Forbidden” cordova android

Question

I am developing Android phonegap application with jquery.mobile-1.4.3.js and cordova.3.5.0.

i am calling $ajax for web service. below is a code snippet.

<         


        

Answer 1

Do you have the domain you'r trying access on the allowed domains for your APP? You can set this on comfig.xml.

Answer 2

1. ensure the server code returns a CORS header granting access from other sites:

eg: header('Access-Control-Allow-Origin: *');

2. ensure "ModSecurity" is disabled on your server (if you have cPanel access you should be able to do that via cPanel / Security or something like that)

3. ensure you have the cordova whitelist plugin installed (use the "legacy" plugin for cordova pre v5.0.0):

   $ cordova plugin add cordova-plugin-legacy-whitelist

4. setup a very open whitelist in your cordova config.xml:

   <allow-intent href="*" />

   <access origin="*" />

5. setup a Content Security Policy in your index.html:

   <meta http-equiv="Content-Security-Policy" content="default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; connect-src *; img-src *; style-src * 'unsafe-inline' ; media-src *;">

This makes everything WIDE open, whereas the point of cross-origin-domains, whitelisted URL request, and content security policies is to restrict cross-domain access. I'll leave it as an exercise to research and restrict the security down, after you get the thing working.

I hope this helps.

References:

https://github.com/apache/cordova-plugin-whitelist#content-security-policy https://cordova.apache.org/announcements/2015/04/21/plugins-release-and-move-to-npm.html http://content-security-policy.com/