Do phonegap support Cors?

Question

I am newbie to phonegap. I am trying to run an AngularJs app inside phonegap. At the server side I am using Apache tomcat 7 CORS filter and Rest.When I run the app from browser it works fine. but at the moment I run the app with phonegap in ios or android, the GET request works fine but the post request gives 403 Forbidden response. I can see inside the request "Origin" header value to file://. I think the problem lies here.

My tomcat Cors filter configuration is:

<filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.headers</param-name>
        <param-value>customer,user,Delay,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
    </init-param>
    <init-param>
        <param-name>cors.exposed.headers</param-name>
        <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
    </init-param>
    <init-param>
        <param-name>cors.support.credentials</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>cors.preflight.maxage</param-name>
        <param-value>10</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

And this is what I get when I do post request from client:

Request URL:http://134.0.12.789:8081/test/rest-api/testing/add
Request Method:PUT
Status Code:403 Forbidden
Request Headersview source
Accept:application/json, text/plain, */*
Content-Type:application/json;charset=UTF-8
customer:Xyz
Origin:file:// 
user:user1
User-Agent:Mozilla/5.0 (Linux; Android 4.4.2; Nexus 7 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
Request Payloadview source
{quantity:0.5, unit:KG, product:5791}
quantity: 0.5
unit: "KG"
product: 5791
Response Headersview source
Content-Length:0
Content-Type:text/plain
Date:Wed, 23 Jul 2014 10:43:14 GMT
Server:Apache-Coyote/1.1

Also my both www/config.xml and platform/android/res/xml/config.xml has <access origin="*" /> line added to it.

CORS is also enabled in angular.js by adding the following lines to app.js:

$httpProvider.defaults.useXDomain = true;
delete $httpProvider.defaults.headers.common['X-Requested-With'];

If someone faced this problem before, Please help me out with this.

I have the exact same problem. I checked /config.xml, and /platforms/android/res/xml/config.xml, and both files have the . Still doesn't work. My server access log is reporting: - - [25/Jul/2014:22:27:15 +0000] "PUT /service/route HTTP/1.1" 403 5 - - [25/Jul/2014:22:34:45 +0000] "GET /service/some-route HTTP/1.1" 200 13 - - [25/Jul/2014:22:35:02 +0000] "POST /service/some-other-route HTTP/1.1" 403 5 - - [25/Jul/2014:22:36:24 +0000] "GET /service/another-route HTTP/1.1" 200 889 — ezabaw, Jul 25 '14 at 22:47
So what did you do to overcome this problem? Is there anything that I am missing somewhere. I spent a lot of time to make it work but nothing seems to work. — Bil, Jul 28 '14 at 10:09
As your server responds 403 Forbidden, it seems it's a server configuration issue, make sure the url is reachable (maybe check apache conf file if you're using apache+tomcat?). When you have CORS issue, the server responds normally but the browser blocks the response. — QuickFix, Jul 28 '14 at 12:23

score 2 · Answer 1 · answered Jul 25 '14 at 12:29

2

Yes it does, all you have to do is add this line on your config.xml file :

<access origin="http://example.com" />

You can also do this :

<access origin="*" />

But it's safer to specify the domain you're sending requests to.

If you need more information check this page on the PhoneGap doc.

answered Jul 25 '14 at 12:29

Kaz

718
1
7
20

I have "" line already added in platforms/andoid/config.xml and also in www/config.xml in phonegap but its the same even after that. – Bil Jul 28 '14 at 10:06
Also if it is the problem of then even the GET method should not be working as it wont accept that origin and I would be getting 404 error. but its more worse when GET works but other methods doesn't. I have tried almost every possible thing but cant find anything useful. – Bil Jul 29 '14 at 08:46
The problem must not be from the Phonegap client side, but from your tomcat server configuration. – Kaz Jul 29 '14 at 09:52

score 1 · Answer 2 · answered Mar 15 '17 at 14:05

The solution of Taher solved my problem with PhoneGap+jQuery accessing a tomcat web-service. Just included the referenced java code (https://github.com/sebastienblanc/cors-filter/blob/master/src/main/java/org/ebaysf/web/cors/CORSFilter.java#L825) in my project and added the next lines to the web.xml of the project. Redeployed it and that's it. (No corsFilter needed in Tomcat's web.xml.) Now it works both for PhoneGap requests and browser request. This definitively is some TomCat (or PhoneGap?) bug.

<filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>myDeploymentName.CORSFilter</filter-class>
    <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.headers</param-name>
        <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
    </init-param>
    <init-param>
        <param-name>cors.exposed.headers</param-name>
        <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
    </init-param>
    <init-param>
        <param-name>cors.support.credentials</param-name>
        <param-value>false</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

score 0 · Answer 3 · answered Aug 15 '14 at 08:13

0

I changed the tomcat filter in my server. I modified the Origin header of the request inside my custom filter and it works. I dont know wether this is the right way to do things but I this is the only thing to get it working.

answered Aug 15 '14 at 08:13

Bil

41
1
5

Could you pls post example, how did you modify it? – Andrew Kovalenko Nov 05 '14 at 01:03
1

this is the workaround that I had to add in my filter on server for the file:// origin headers: if (origin == null || origin.isEmpty() || origin.equalsIgnoreCase("file://")) { request.addHeader("Origin", "http://localhost:9090"); } – Bil Mar 14 '15 at 19:16

score 0 · Answer 4 · answered Jul 07 '16 at 13:24

Given below is the code in Tomcat CORS filter, so new URI with Origin as "file://" throws URISyntaxException which results in 403

protected static boolean isValidOrigin(String origin) { URI originURI; try { originURI = new URI(origin); } catch (URISyntaxException e) { return false; } return originURI.getScheme() != null; }

Someone has tried to override this filter in the below link. https://github.com/sebastienblanc/cors-filter/blob/master/src/main/java/org/ebaysf/web/cors/CORSFilter.java#L825

Do phonegap support Cors?

4 Answers4