I am having an issue with my app once its built and deployed onto a physical device. All the AJAX calls work fine in the emulator and app preview but I am getting the "Request was denied for Security" error. Its starting to drive me slightly insane! So any help would be greatfully received...
I've got all these included:
<access origin="*"/> <allow-intent href="http://*/*"/> <allow-intent href="https://*/*"/> <allow-intent href="tel:*"/> <allow-intent href="sms:*"/> <allow-intent href="mailto:*"/> <allow-intent href="geo:*"/> <allow-intent href="market:*"/> <allow-intent href="*"/> <allow-navigation href="https://*/*"/> <allow-navigation href="http://*/*"/> <allow-navigation href="data:*"/> <allow-navigation href="*"/>
I've also tried this CSP tag
<meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-eval' data: blob: filesystem: ws: gap: file: cdvfile: https://ssl.gstatic.com *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; child-src *; ">
I've got very little hair as it is, and I am quickly losing more ;)
Try removing the CSP rule from your index.html and rely only on the whitelist rules. Also, try debugging with a built app on your device, using the remote CDT technique described here > https://software.intel.com/en-us/xdk/docs/using-remote-chrome-devtools-to-debug-android-cordova-apps <
Thanks for the reply Paul, but still having no joy. I removed the CSP, and just re-tried with the basic included whitelisting and that didn't work. So I then tried with the CSP rule from the other thread and still no joy :(
Remote debugging isn't detecting the device, lookd like some driver issues. Any other ideas?
Just looking into this a little bit more, but an AJAX call works to a different server ok, just not to my own API server. But the calls work ok to my API in the emulator and app preview. There arent any SSL error's the certificate looks ok.