cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Paveza <>
Subject RE: cross-domain scripting with xDomain and Cordova
Date Mon, 04 May 2015 16:43:07 GMT
Hi Michael, welcome to the list.

I'm not sure I understand your question entirely.  It sounds as if you have an existing web
property in which you're using xDomain.js to make cross-domain script requests, and you want
to understand how to do this within a Cordova app?

When you package your app for deployment onto a device, your app is served from file:// (for
Android and iOS) and from ms-appx:// (for Windows).  To allow cross-domain requests, you have
to specify the <access origin="(origin)" /> tag in config.xml.  Depending on your platform
version, you may also need to specify a CSP - (Content Security Policy)[]
- such as:

script-src 'self';

Cordova templates generally ship with a default CSP presently - you put it into your page
meta tags - so take a look at what is already there.  Some of those are required for Android,
others for iOS, so in general, you probably need to be more permissive than what the default
template specifies.

For more information, you can check out (cordova-plugin-whitelist)[].


-----Original Message-----
From: Michael Gruber [] 
Sent: Monday, May 4, 2015 7:14 AM
Subject: cross-domain scripting with xDomain and Cordova

Dear Ladies and Gentleman,

we have to do cross-domain scripting and use xDomain.js (latest). Because we have to support
old internet explorers (IE 9+). As far as we understand xDomain uses the window.location which
is always file:// in a Cordova-Project v3.8.0. (Android and iOS)

Is there a way to set origin to http:// to allow cross-domain scripting?

Or do you have other suggestions / solutions / ideas to solve this problem?

If we have to move away from xDomain can we use cors?

Best regards,

Michael Gruber, B.Sc.

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message