Error Failed to execute 'open' on 'XMLHttpRequest' : Refused to connect 'http://192.168.XX.XXX:8080/TestApp/addRole/ : Ionic

Question

Facing error while calling rest api in ionic. If I run on browser firefox or chrome then it working fine.. But When I run On android device then it gives following error:

Error: Failed to execute 'open' on 'XMLHttpRequest': Refused to connectto 'http://192.168.XX.XXX:8080/TestApp/addRole/' becuase it violates the document's content security Policy
at Error (native( at file:///android_asset/www/lib/ionic/js/ionic.bundle.js:23357:16

How can I solve this issue

If I set following meta tag in index.html as follow then got error in chrome and android device..Not in firefox

<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *">

On my rest service i set header as follow

responseHeaders.add("Access-Control-Allow-Origin", "*"); responseHeaders.add("Access-Control-Allow-Headers", "Content-Type");

I also install whitelist plugin but no luck

How can I solve this issue? please help

Answer 1

On Android you need to set a content-security-policy meta tag in your <head> @ index.html.

It would look something like this:

<meta http-equiv="Content-Security-Policy" content="default-src * 'self' 'unsafe-inline' data: gap: 'unsafe-eval'; style-src * 'self' 'unsafe-inline'; connect-src * ; script-src * 'self' 'unsafe-inline'; media-src *">

In this occasion there is a lot of unsafe and unnecessary tags which allow almost anything but you can read more about them for example in here:

Cordova whitelist plugin content security policy

In the same page there are also explanations for other stuff like network request whitelist.

Hopefully this gets you through your problems.