Whitelisting Domains in Cordova (PhoneGap) Android

I don't know the details, but I know its frustrating when you can't see why something does not work. Since I have been spending time (and honestly more than I feel like I should because of things like this) creating native Android Apps using Cordova (formerly known as PhoneGap) navigating the quirks of Android have been consuming large amounts of my time. One that was particularly frustrating, but very easy to solve once I found the problem was accessing Internet API for AJAX calls.

By default all AJAX calls or any calls out to retrieve web resources are blocked by Android. You have to whitelist the domains you wish to communicate to and from. I know this is the common practice for server system admins and is certainly a more secure way to manage applications, but really? Anyway to create a whitelist for your Cordova Android application you need to modify the cordova.xml file. This is in the xml folder you copied from the Cordova Android example to the res folder in your Android Eclipse project. The image to the right shows what the folder tree should look like, with the cordova.xml file selected.

The default settings only allow local pages. There are some examples of how you can add domains to the application's whitelist. You can also specify http or https as well. You can also create an allow all whitelist with the following setting:

<access origin=".*"/>

If you know the exact domain(s) you need to access you can add them explicitly. If you are like me and have the potential to communicate with a variety of domains that can possibly change frequently (my real-world developer and testing environment for example) you can opt for the allow all, like I have. I would caution you to think about tightening this setting for production, when you have a firm grasp of potential resource domains.

The updated cordova.xml file to allow can look like the following:

       access elements control the Android whitelist .
       Domains are assumed blocked unless set otherwise

       <access origin=".*"/>
<!--    <access origin="*"/> --> <!-- allow local pages -->

       <!-- <access origin="https://example.com" /> allow any secure requests to example.com -->
       <!-- <access origin="https://example.com" subdomains ="true" /> such as above, but including subdomains , such as www -->
       <!-- <access origin=".*"/> Allow all domains, suggested development use only -->

    <log level="DEBUG"/>
    <preference name="classicRender" value="true" />

So if are finding yourself stuck trying to troubleshoot connectivity issues making AJAX calls with jQuery using Cordovoa/PhoneGap check your whitelist in the cordova.xml file. If this does not solve your problem you are going to need to do some more digging, sorry.

Share This Article With Your Friends!