Showing results for 
Search instead for 
Did you mean: 

Cordova whitelist, setting the configuration at runtime?

Hello, I think I have a pretty unique issue here:

In my build settings, for Cordova Android Whitelist and respectively Cordova iOS Whitelist, all my settings are made to be '*' without the quotation marks. I expected it to allow me then to connect to anything I wanted. However, it did not.

Therefore, I added <meta http-equiv="Content-Security-Policy" content="default-src.......etc> to the html files I needed to. It worked; it allowed me to connect to my local server and keep developing.

Recently, the Internet connection in my office has been unstable and through a good number of resets and reconfigurations, the IP address I need to connect to with the device keeps changing which means I have to change the IP address on each of those meta tags on several files.

The end question is, is there a way to add a new meta tag or update the previous one at runtime? My attempt to add a new one failed. Have any of you run into this issue?


What you see above is what is AFTER I add the local address of the server. If I just have the top section in from the start, it works fine.

Is it just a matter of not being allowed to change security policies at runtime?

Tags (2)
0 Kudos
1 Reply

Interesting, you can probably change that <meta> line in the index.html head using some standard JavaScript, I've seen such things done to dynamically add script tags or viewport tags, but it is unclear if changing that line would then dynamically change the way the CSP rules are interpreted by the runtime engine. In other words, does the runtime read the CSP rule only once? And if not, what do you have to do to get it to reread the rule.

This is a question that is outside the scope of control of the XDK, it is a runtime question. I recommend you search StackOverflow and some other places to see if someone has run into this. Specifially, search for CSP and Cordova (the XDK creates Cordova apps).