Im using Cordova 5.0.0 and cordova-plugin-whitelist 1.0.0 and im deploying to Android 5.1 on a Nexus 5 phone.
This is what my config.xml looks like (note that im using a remote source in the content tag (as in not local to the phone), dont know if thats relevant or not):
<access origin="*" />
<access origin="http://remotedomain.com" />
<content src="http://localdomain.com/app.html" />
EDIT: content src is relevant! tried running my app normally from a local source by setting <content src="app.html"> and everything works! Hmm. So is it impossible to use a remote src? I'd very much like to during development as it allows for a much faster write run debug cycle.
This is what my CSP looks like:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' remotedomain.com www.remotedomain.com * 'unsafe-inline'">
I know, vulnerable. Im just testing and just want to see it working as a first step.
My problem: XHRs to remotedomain.com are blocked by Chrome. This is what i see in the Chrome console which i connect to my phone using chrome://inspect/#devices
XMLHttpRequest cannot load http://remotedomain.com/resource. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localdomain.com' is therefore not allowed access.
I have no control over remotedomain.com and there is no JSONP or CORS, its just a html page. How can i make XHRs to it from my app?
EDIT: content src is relevant! tried running my app normally from a local source by setting <content src="app.html"> and everything works! Hmm. So is it impossible to use a remote src? I'd very much like to during development as it allows for a much faster write run debug cycle.
