I am creating a Hybrid mobile app using Phonegapp/Cordova. I need to load an external resource on an iframe from a third-party API (have to use iframe due to limitations in the API's documentation).
In Cordova, the iframe's referer is not sent.
The third-party API checks for domain validation using HTTP referer. The setup works perfect when tested on browser, both in local environment (i.e. in localhost) and also in server. This cancels out the possibility of being locked to a particular domain, as it runs in local as well.
The problem occurs is in the app version in Cordova, Cordova is not sending any referer data to the third party, and thus, the third party is not authenticating the request.
I have tried a few workarounds and digging.
A. I tried creating the iframe programmatically and setting the refer data. But still it doesn't send the referer data.
var iframe = document.createElement("iframe");
iframe.id = "modelframe";
iframe.src = "https://www.whatismyreferer.com";
iframe.style="height:400px; width:500px;";
iframe.referrerPolicy = "origin";
document.querySelector('#framecontainer').appendChild(iframe);
B. I set the <access origin="*" /> tag in config.xml, still no result.
C. I set <meta name="referrer" content="unsafe-url"> in the HTML, but same, no change.
D. I've checked this answer, which I found is similar to my question, and also tried the link which the answer redirects to (another thread) here. But I don't know how to implement this custom header in Cordova/Phonegapp.
All I need to do is to be able to set the referer data to be sent to the third party in the iframe.
