1

I thought this would be a common issue but I can't find a straightforward answer to this problem. As soon as I included the Crosswalk WebView Engine for Android I'm getting the following Error Message:

"Only secure origins are allowed"

.... Presumably for http requests made to local and external servers (like http://localhost:3000 or https://my.own.server/) using the angular $http service.

What is THE Solution to this issue? After many hours of Googling I'm still clueless about how to solve this issue. Could you please point me in the right direction?

kind regards,

EDIT: This question is not related to permissions given in a server as it has been pointed out, it's actually related to Content Security Policy. As it can be read here, and I quote:

Controls which network requests (images, XHRs, etc) are allowed to be made (via webview directly).

You have to understand that the WebView in this case is Crosswalk (which is Chromium underneath) and I need it to be configured so that I can make requests to both: local servers (http://localhost:3000, etc) and external ones (https://my.own.server). This question is more akin to this one in my opinion.

How do I configure Crosswalk for an Ionic/Cordova app?

jlstr
  • Possible duplicate of [Origin is not allowed by Access-Control-Allow-Origin](http://stackoverflow.com/questions/10143093/origin-is-not-allowed-by-access-control-allow-origin) – Dinesh Devkota Aug 24 '16 at 03:16
  • I think the solution is the proxy in ionic CLI. Check [this](http://blog.ionic.io/handling-cors-issues-in-ionic/) – gianlucatursi Aug 24 '16 at 11:39
  • @gianlucatursi Thank you, that actually "did" something. When I set up a proxy, it's now telling me it failed to connect because of Content Security Policy. – jlstr Aug 24 '16 at 16:08
  • @DineshDevkota Not duplicate, please read added EDIT that was made to the Question. Thank you very much nonetheless. – jlstr Aug 24 '16 at 16:09
  • Ok. Now the Problem is in your server. [Here](http://enable-cors.org) you can find the code to enable CORS in the backend – gianlucatursi Aug 24 '16 at 16:13
  • @gianlucatursi But I already have CORS enabled in my local and remote servers :( – jlstr Aug 24 '16 at 16:16
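
The EDIT above points at Content Security Policy, where `connect-src` (falling back to `default-src`) decides which URLs XHR may reach. The following is an added example, not part of the original question or its answers: a simplified JavaScript check of a request URL against a policy string. The policy strings and the `http://localhost:8100` app origin are constructed assumptions, and path matching and the browser's http-to-https upgrade rule are left out.

```javascript
// Added example: simplified connect-src evaluation, not the browser's full algorithm.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Constructed sample policies for an app origin of http://localhost:8100 (assumption).
const STRICT_POLICY = "default-src 'self'";
const ALLOWLIST_POLICY =
  "default-src 'self'; connect-src 'self' http://localhost:3000 https://my.own.server";

// Parse "name src1 src2; name2 ..." into a Map; the first copy of a directive wins.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

// Does one source expression allow the target URL? Paths in sources are ignored.
function sourceMatches(source, target, selfOrigin) {
  if (source === "'self'") return target.origin === selfOrigin;
  if (source === "*") return target.protocol in DEFAULT_PORTS;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return target.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:']+)(?::(\d+|\*))?/i.exec(source);
  if (!m) return false; // keywords such as 'none' never match a URL
  const [, scheme, host, port] = m;
  if (scheme ? scheme.toLowerCase() + ":" !== target.protocol
             : !(target.protocol in DEFAULT_PORTS)) return false;
  const h = host.toLowerCase();
  const hostOk = h.startsWith("*.") ? target.hostname.endsWith(h.slice(1)) : target.hostname === h;
  const defaultPort = DEFAULT_PORTS[target.protocol];
  const portOk = port === "*" || (port || defaultPort) === (target.port || defaultPort);
  return hostOk && portOk;
}

// connect-src governs XHR and fetch; default-src is the fallback; no directive, no limit.
function isConnectAllowed(policy, url, selfOrigin) {
  const directives = parsePolicy(policy);
  const sources = directives.get("connect-src") || directives.get("default-src");
  if (!sources) return true;
  const target = new URL(url);
  return sources.some((s) => sourceMatches(s, target, selfOrigin));
}
```
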

1 Answer

1

If you own the server then the easiest way to handle this is to add a response header for:

Access-Control-Allow-Origin: *

Here is a discussion on Stack Overflow itself.

Origin is not allowed by Access-Control-Allow-Origin

Good luck.

Dinesh Devkota
  • 1
    Hi, thank you for your answer. This isn't viable though, the idea for me is to be able to whitelist everything, or at least many 3rd party URLs and more importantly localhost too. – jlstr Aug 24 '16 at 14:24