-
Notifications
You must be signed in to change notification settings - Fork 756
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Accessing cdvfile:// from http://[network-url] in ajax throws CORS policy error on Android #352
Comments
Have you tried sending the cdvfile path into a toNativeURL() call to get back a valid url you can then use in the ajax call? Think it'll convert from a cdvfile path to a file:/// path |
I've tried toUrl and toNativeURL (deprecated) but i get the same error as long as the allowed schemes are "http, data, chrome, https". |
sorry that didnt work, not sure |
Why don't you use the actual file reader APIs instead of XHR? XHR is intended to make requests to remote servers, not to "download" local files. https://github.com/apache/cordova-plugin-file#read-a-file- Not 100% confident, but I don't believe there is a way in the android sdk to disable cors in the webview. |
I do download the file from remote API (this part works) and I store it for offline usage. I've tried using a file reader, but reading files is very slow (the files are huge). The workaround (ugly) I'm thinking about is to edit the JSON, prepend a function call and load it through jsonp. |
I briefly did some research and it looks like disabling CORS from the webview is not possible... but looks like it is possible to get around that by intercepting requests as shown here And in case the link goes away, I'll post the example: public class OptionsAllowResponse {
static final SimpleDateFormat formatter = new SimpleDateFormat("E, dd MMM yyyy kk:mm:ss", Locale.US);
@TargetApi(21)
static WebResourceResponse build() {
Date date = new Date();
final String dateString = formatter.format(date);
Map<String, String> headers = new HashMap<String, String>() {{
put("Connection", "close");
put("Content-Type", "text/plain");
put("Date", dateString + " GMT");
put("Access-Control-Allow-Origin", /* your domain here */);
put("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS");
put("Access-Control-Max-Age", "600");
put("Access-Control-Allow-Credentials", "true");
put("Access-Control-Allow-Headers", "accept, authorization, Content-Type");
put("Via", "1.1 vegur");
}};
return new WebResourceResponse("text/plain", "UTF-8", 200, "OK", headers, null);
}
} // WebViewClient
@Override
@TargetApi(21)
public WebResourceResponse shouldInterceptRequest(WebView view, WebResourceRequest request) {
if (request.getMethod().equalsIgnoreCase("OPTIONS")) {
return OptionsAllowResponse.build();
}
return null;
} Not sure if this will work at all, and I can't promise when I'll have time to experiment with this. |
How large of a file are we talking about? In one of my apps, I read/write JSON files of approximately 50mb, but sometimes upwards of 100mb with no significant slowdown. I do use the deprecated file transfer plugin to avoid reading the data in the javascript environment though. But the data is recorded and JSON stringified in javascript for the initial write. |
My files are smaller, 10-15MB but the reading takes up to 4 seconds on my (old) test device using just the file plugin. If I don’t find any alternative I’ll conform with that. PS: thanks for investigating further! |
Finally I opted for the script embedding mechanism:
it's still slow (I assume it's my device) and ugly. But it's a little faster then the read implementation and probably more solid. It's silly I can load and run a fully functional script but I can't load a simple json object from the same source / protocol. |
Glad you found a workaround. I'm going to add the help wanted label to this ticket. I think it's still worth investigating on request intercepts to see if it can be used to allow |
@Lindsay-Needs-Sleep I'm facing a lot of troubles. |
@vitto32 Here are a couple ways that could work:
|
@Lindsay-Needs-Sleep thanks! Android I solved it using a slightly different version of PR #322 (i used the url format proposed in #296). It seems to work smoothly even if my www folder is on a remote host. I haven't tested it yet in prod mode (www folder under file://) but I'm pretty confident it will work. iOS I'm using
everything started from your precious links to PR and Issues dealing with this. Thanks! |
Hi, Try this solution: Search the code for the following line: (might be in several files, so do it for all of them) And add the following two lines after it:
|
Since Cordova 10 Android template does all requests via https how is cvdfile:// access via browser supposed to work now. We needed to upgrade and have found ourselves stuck on this issue. All imgs from webview that were cached can no longer be rendered. I've tried so many hacks at this but setting a host in config.xml and using android intended behaviour just means we are stuck at accessing the cvdfile protocol. Is this right, or are we doing something wrong. ionic cordova webview is not compattible with our other plugins for encryption and I don't understand how IOS allows access while android doesnt. Is this plugin just broken in Cordova Andoid 10? |
While developing I run my app on an Android device. The app is served from a network url using cordova-plugin-webpack LiveReload (HMR) feature.
I've successfully implemented a download mechanism of JSON files and Audio files.
I can embed the downloaded audio file using
cdvfile
protocol (obtained through.toInternalURL
) but I can not get the JSON files using Ajax requests because of this error:Recap:
I have
<access origin="*" />
and also tried<access origin="cdvfile://*" />
in config.xmlI have
<allow-navigation href="cdvfile:*" />
CSP is set as follow:
Any help would be appreciated
The text was updated successfully, but these errors were encountered: