By Fabi


2013-07-22 07:26:22 8 Comments

I'm still new to Phonegap and I am working with the Android SDK for some days now. At least I wanted to do a XMLHttpRequest to get data from my server. I knew about the Same Origin Policy before and I asked myself, how this should work with a "native app".

I searched the internet and found some topics, where people were telling others, that there is no Same Origin Policy on Phonegap, because it uses the file:// protocol and additionally there is a domain whitelist in it's config.xml.

On the other hand there were a bunch of topics of people having problems with XHR's and others told them, that this is because of the Same Origin Policy...

Well, I was confused, but I used my - on regular websites - working XMLHttpRequest snippet and put it into the Phonegap app. I tried the virtual device, but my request is not working.

Now I asked myself some questions:

  • Who is right? Is there Same Origin Policy on Phonegap or not?

If yes:

  • What function has that domain whitelist?

  • What's the best way to still get the data of my server?

1 comments

@Sheetal 2013-07-22 08:46:27

Yes, people are correct the Same Origin Policy is needed only in webApps not hybrid phonegap apps.

You need to check you domain whitelist, just check it in the config.xml in res --> xml folder.

For accessing xml web services you need to ensure your soap message is correctly formed. try to catch the exact error.

@Fabi 2013-07-22 09:11:20

At first thank you for your reply! My domain whitelist tells me <access origin="*" /> so there should be access to all websites? So I will have a look at my code... ;)

@Fabi 2013-07-22 12:20:27

I finally found out, that my request didn't work because of my self signed certificate on my local webserver. Taking http instead of https let it work!

@Sheetal 2013-07-23 04:02:16

I am glad it worked!!!

@Mit Bhatt 2013-09-23 12:23:20

Hey @Sheetal I am confused with this.. I also can't call my Webservice.. :( need some good example, googling gonna confuse me..

@Sheetal 2015-12-18 03:32:35

self signed certificate at server will not help the app to make the web service call as it cannot manually provide the credentials required. It has to be a properly signed certificate without manual intervention.

@Michael Burger 2017-08-18 14:09:22

I have a similar problem, I wan't to make a XHR (http) requesto to blabla.com but I get a CORS problem because I have SOP issue. In my opinion domain whitelist doesn't matter with the CORS / SOP problem. right? can someone help?

Related Questions

Sponsored Content

6 Answered Questions

[SOLVED] XMLHttpRequest cannot load XXX No 'Access-Control-Allow-Origin' header

17 Answered Questions

29 Answered Questions

[SOLVED] Access-Control-Allow-Origin Multiple Origin Domains?

9 Answered Questions

[SOLVED] Handling cookies in PhoneGap/Cordova

1 Answered Questions

[SOLVED] Same-Origin Policy and serving JS from a CDN

1 Answered Questions

2 Answered Questions

1 Answered Questions

4 Answered Questions

[SOLVED] Same origin policy

Sponsored Content