Cordova: CSP issue on Android when requesting data over HTTPS

Question

Cordova Android is an Android application library that allows for Cordova-based projects to be built for the Android Platform. Cordova based

Answer 1

@barbu, your fix in just a second.

One of the things that is baffling me is developers going from a "Development IDE" to Google Play. As someone who builds with Phonegap Build, my workflow does not include a cable and 'adb'. Perhaps you can explain the reasoning with this process.

On you issues, you will need to implement the whitelist system. This worksheet should help.
HOW TO apply the Cordova/Phonegap the whitelist system

There is also document that is link from there to the Whitelist CSP Examples. In short, the way it is usually applied is the CSP is expanded from a webbrowser, then that meta element is added to the App. However in your case, you will likely work backwards.

The Fix

Typically, when I give the answer I give the whitelist and CSP. You may be able to start with just the CSP. Best of Luck.

Add this to your config.xml

<allow-navigation href="*" />
<allow-intent href="*" />
<access origin="*" /> <!-- Required for iOS9 -->

NOTE YOUR APP IS NOW INSECURE. IT IS UP TO YOU TO SECURE YOUR APP.
Add the following to your index.html

<meta http-equiv="Content-Security-Policy" 
         content="default-src *; 
                  style-src * 'self' 'unsafe-inline' 'unsafe-eval'; 
                  script-src * 'self' 'unsafe-inline' 'unsafe-eval';">

Sidenote: gap: from what I have right now, is only required for Cordova iOS, SEE: Simon Mac Donald Adds