apache / cordova-android

Apache Cordova Android
https://cordova.apache.org/
Apache License 2.0

Unable to load external source files with Android 12, but no problem in the latest iOS. #1644

Closed SailingSteve closed 8 months ago

SailingSteve commented 8 months ago

Bug Report

Problem

Using Android 12, I can't load JavaScript or CSS files within my app. My app has been in the Google and Apple stores for 4 years and is working fine.

This same code and configuration works fine for iOS.

What is expected to happen?

Tried to load jQuery (as an example) from index.html and when that failed, I tried to load it from index.js after the deviceready event had fired. Both experiments failed.

What does actually happen?

Both fail with a Failed to load resource: net::ERR_CONNECTION_REFUSED

Information

To simplify reproduction, I built the "get ready" example.

Command or Code

% cordova create test2023b
% cd test2023b
% cordova platform add android

Added to config.xml: <preference name="android-buildToolsVersion" value="34.0.0" />

% cordova run android

The app starts in the simulator, but the console.log reports:

cordova_plugins.js:1 Failed to load resource: net::ERR_CONNECTION_REFUSED
index.js:27 Running cordova-android@12.0.0
favicon.ico:1 Failed to load resource: net::ERR_CONNECTION_REFUSED

I added "'unsafe-inline' 'unsafe-eval'" to the "Get Started" Content-Security-Policy in index.html, but there was no change. I have a CSP that is currently working in my released app with 6 month old libraries. Using this "released" CSP had no effect:

<meta http-equiv="Content-Security-Policy" content="
  default-src * wevotetwitterscheme: data: content: gap: https://ssl.gstatic.com;
  img-src *  https://*.twimg.com https://*.twitter.com/ data: https: blob: android-webview-video-poster: ;
  style-src * https://*.twimg.com 'unsafe-inline';
  script-src 'self' http://*  'unsafe-inline' 'unsafe-eval';
  frame-src http://*.facebook.com https://*.facebook.com https://*.facebook.com https://*.twitter.com https://twitter.com https://*.vimeo.com  https://*.googlevideo.com https://*.youtube.com gap: 'unsafe-inline';
  child-src gap://* ;
  font-src *;
  media-src *;
" />

Then I tried an experiment to load jQuery from index.html by adding <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script> before the </body>

And the results from the console log were:

cordova_plugins.js:1 Failed to load resource: net::ERR_CONNECTION_REFUSED
cordova.js:1237 deviceready has not fired after 5 seconds.
cordova.js:1230 Channel not fired: onDOMContentLoaded
jquery.min.js:1 Failed to load resource: net::ERR_NAME_NOT_RESOLVED
index.js:27 Running cordova-android@12.0.0
favicon.ico:1 GET https://localhost/favicon.ico net::ERR_CONNECTION_REFUSED

I also tried adding

<access origin="https://ajax.googleapis.com/*" />
<access origin="https://localhost/*" />

with no effect.

Environment, Platform, Device

Mac OS 13.4.1 (c)
Simulator for a Pixel 6 Pro

Version information

12.0.0 (cordova-lib@12.0.1)
android 12.0.0
For this example: no plugins, plain Cordova, and only Android from a CLI "run" with no Android Studio.


breautek commented 8 months ago

This shouldn't be related to CSP. A CSP-related block is pretty explicit. It will say something like

Refused to load the script 'https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js' because it violates the following Content Security Policy directive: "default-src 'self' data: https://ssl.gstatic.com 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback.

ERR_NAME_NOT_RESOLVED usually indicates a DNS issue, which generally indicates a networking issue (either client or server). It means that either the DNS server couldn't or didn't respond quickly enough, or the DNS server doesn't have an entry for the domain you're trying to resolve. ERR_CONNECTION_REFUSED also generally indicates a networking issue on the client side.

I've tested adding a script tag for https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js in a hello world Cordova app and it loads fine for me. The default template will block the host, but you can simply add it to the default-src for testing.

Client side networking issues could include:

Note that for the local files, like favicon.ico, an ERR_CONNECTION_REFUSED is raised because that is handled by the asset loader, which will throw an error if the file doesn't exist, which it likely doesn't (unless you actually specify one). This also applies to the cordova_plugins.js file, which doesn't exist unless you have installed at least one plugin. Neither of these errors should prevent the deviceready or DOMContentLoaded events from firing.
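
The distinction drawn in the comment above, as an added example that is not part of the thread or of cordova-android: a small classifier for WebView console lines that separates explicit CSP refusals from DNS failures and from refused requests for optional local files, so a policy is not loosened with 'unsafe-inline' or 'unsafe-eval' for a fault that lies in the network. The function names are hypothetical and the sample lines are constructed from the messages quoted in this thread.

```javascript
// Added example, not cordova-android code. All names here are hypothetical.
// Local files whose absence the asset loader reports as a refused connection
// (expected only when no plugin is installed / no favicon is shipped).
const OPTIONAL_LOCAL_FILES = new Set(['cordova_plugins.js', 'favicon.ico']);

const CSP_RE = /Refused to load the (\S+) '([^']+)' because it violates the following Content Security Policy directive: "([^"]+)"/;
const NET_RE = /^(\S+):\d+\s+(?:Failed to load resource:|GET \S+)\s+net::(ERR_[A-Z_]+)/;

function classifyConsoleLine(line) {
  const csp = CSP_RE.exec(line);
  if (csp) {
    // The first token of the quoted policy text names the directive that blocked.
    return { cause: 'csp', resource: csp[2], directive: csp[3].split(/\s+/)[0] };
  }
  const net = NET_RE.exec(line);
  if (!net) return { cause: 'other' };
  const [, file, code] = net;
  if (code === 'ERR_NAME_NOT_RESOLVED') return { cause: 'dns', resource: file };
  if (code === 'ERR_CONNECTION_REFUSED' && OPTIONAL_LOCAL_FILES.has(file)) {
    return { cause: 'missing-local-file', resource: file };
  }
  return { cause: 'network', resource: file, code };
}

// Summarise a console capture. The CSP only needs attention when an explicit
// "Refused to load" line is present; otherwise leave the policy as it is.
function triage(lines) {
  const counts = {};
  for (const line of lines) {
    const { cause } = classifyConsoleLine(line);
    counts[cause] = (counts[cause] || 0) + 1;
  }
  return { counts, cspChangeWarranted: Boolean(counts.csp) };
}

// Constructed sample: the console output reported in this thread.
const SAMPLE = [
  'cordova_plugins.js:1 Failed to load resource: net::ERR_CONNECTION_REFUSED',
  'cordova.js:1237 deviceready has not fired after 5 seconds.',
  'cordova.js:1230 Channel not fired: onDOMContentLoaded',
  'jquery.min.js:1 Failed to load resource: net::ERR_NAME_NOT_RESOLVED',
  'index.js:27 Running cordova-android@12.0.0',
  'favicon.ico:1 GET https://localhost/favicon.ico net::ERR_CONNECTION_REFUSED',
];

console.log(triage(SAMPLE));
```
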

SailingSteve commented 8 months ago

Thank you, this allowed me to find my problem. On my Mac, in System Settings > Network, I clicked on the "Details" button of my Wi-Fi connection, and removed the DNS settings (which must have come from my ISP), and changed it to Google's at 8.8.8.8 and it started right up.