Cordova AJAX calls fail only on release build

Question

I'm developing a Cordova app for android, and I have a strange issue about jquery ajax calls: the debug build have no problem, while in the release one each ajax call fails with an error. If I run on device using USB everything is fine. If I compile the app in debug mode, copy and install it on the device, everything is fine.

If I compile the app in release mode and sign it for release using jarsigner and zipalign, and copy and install it on the device, the same ajax call fail with readyState 0, responseText empty, status 0 and statusText "error".

I spent a week searching and trying all the similar problems found on stackoverflow and google, but nothing changed. This thread subject is similar, but my SSL certificate seems to be ok and there's no other solutions provided: Ajax calls fail when running Android Cordova app in Release mode

Cordova version is 6.5 (but I had the issue in the 6.4 too).

This is the ajax call in the app:

glang = window.localStorage.getItem('glang');

show_loader();

$.support.cors=true;
$.ajax({
  url: "https://app.laureatedesign.com/wp-content/plugins/designnews/ajax_langs.php",
  data: "act=aj_app_lng_lst&lang="+glang+"&xend=x",
  type: "POST",
  dataType: "json",
  timeout: 10000,
  success: function(results) {
      if (results["TYPE"]=="OK") {
          $('#main').html(results["CONTENT"]);
          $('#main').imagesLoaded( { },
            function() {
              show_content();
            }
          );
      }
      if (results["TYPE"]=="ERR") {
          show_error();
      }
      },
  error: function(XMLHttpRequest, status) {
     console.log(status);
     switch(status) {
      default:
          show_error();
       break;
      case "timeout":
          show_error();
       break;
     }
  }
});

By all means the ajax file ajax_langs.php on server can be simplified as follows:

<?php
  $res = array("TYPE"=>"OK", "CONTENT"=>"Test");

  header('Access-Control-Allow-Origin: *');
  header('Access-Control-Allow-Methods: GET, POST');
  echo json_encode($res);
?>

This is my config.xml:

<?xml version='1.0' encoding='utf-8'?>
<widget id="com.naba.designnews" version="1.0.0" xmlns="http://www.w3.org/ns/widgets" xmlns:cdv="http://cordova.apache.org/ns/1.0">
    <name>APPTITLE</name>
    <description>
        DESCRIPTION
    </description>
    <author email="EMAIL" href="WEBSITE">
        AUTHOR
    </author>
    <content src="index.html" />
    <plugin name="cordova-plugin-whitelist" spec="1" />
    <plugin name="InAppBrowser" value="org.apache.cordova.InAppBrowser" />
    <plugin name="InAppBrowser" value="CDVInAppBrowser" />
    <allow-navigation href="*" />
    <allow-navigation href="*://*youtube.com" />
    <access origin="*" />
    <access origin=".*" />
    <access origin="*.pushwoosh.com" />
    <access origin="http://*" />
    <access origin="https://*" />
    <access origin="https://laureatedesign.com" subdomains="true" />
    <allow-intent href="http://*" />
    <allow-intent href="https://*" />
    <allow-intent href="http://*/*" />
    <allow-intent href="https://*/*" />
    <allow-intent href="tel:*" />
    <allow-intent href="sms:*" />
    <allow-intent href="mailto:*" />
    <allow-intent href="geo:*" />
    <preference name="windows-target-version" value="10.0" />
    <preference name="StatusBarOverlaysWebView" value="false" />
    <platform name="android">
        <allow-intent href="market:*" />
    </platform>
    <platform name="ios">
        <allow-intent href="itms:*" />
        <allow-intent href="itms-apps:*" />
    </platform>
</widget>

I added the whitelist-plugin. In index.html file I have this meta:

<meta http-equiv="Content-Security-Policy" content="default-src * 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src * 'self' 'unsafe-inline'; script-src * 'self' 'unsafe-inline'; connect-src * https: http:">

I tried also to remove android platform and add it again. No changes.

As I said in debug mode everything is fine and all ajax calls returns successfully. In order to publish the app on Google Play I am proceeding signing and creating the package as follows:

1) cordova build android --release

2) jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore "PATH-TO-APP/APP.keystore" "PATH-TO-APP/platforms/android/build/outputs/apk/android-release-unsigned.apk" designnews

3) zipalign -v 4 "PATH-TO-APP/platforms/android/build/outputs/apk/android-release-unsigned.apk" "PATH-TO-APP/platforms/android/build/outputs/apk/AppTitle.apk"

I'm aware this is a cross-domain call involving CORS and all this stuff. But why the debug version is ok while the release one is not?

Please help, thanks in advance.

Answer 1

i know its´s a 3 years old question but after a deep searching a found the solution and a i want to share it.

I had the same issue you report, an the solution was so simple;

1º - You need to run "cordova prepare android" to get java binaries.

2º - Open the code that output that command on Android Studio, navigate on folder manifests/AndroidManifest.xml

3º - There is a called "application", you only need to add android:usesCleartextTraffic="true"

4º - Build and sign your app, now it should run ajax without any trouble!