Closed tada123 closed 6 months ago
The error is standard browser behaviour, which disallows mixed content. In otherwords, if you're on a secure origin, then you can't request non-secure resources.
Natively there is a way to disable/allow mixed content, but Cordova doesn't expose it this option. Cordova doesn't have a MixedContentMode
preference (I believe that is an ionic webview thing specifically). Though I'd have no objection to have this preference added (PR is welcomed!)
You may be able to workaround this issue by using http://
scheme instead.
<widget ...>
...
<platform name="android">
<preference name="scheme" value="http" />
</platform>
</widget>
This should put your webview origin at http://localhost
and it will be considered an insecure context, allowing you to fetch resources from other insecure origins, but will have the caveat of disabling other web features.
Note that other browser security features will still apply including:
Let me know if this helps.
Ok, the http scheme worked without problems. Thank you for help :+1:
Bug Report
Problem
What is expected to happen?
Should accept (or at least have an option) to support non-ssl requests.
What does actually happen?
Chromium (inspected WebView) error message: Mixed Content: The page at 'https://localhost/index.html' was loaded over HTTPS, but requested an insecure image 'http://192.168.100.20/img.jpg'. This request has been blocked; the content must be served over HTTPS
Information
Cordova 11
Added:
<meta http-equiv="Content-Security-Policy" content="default-src * gap: ws:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'none'; style-src 'self' 'unsafe-inline' *"/>
to head section ofindex.html
Added
<preference name="MixedContentMode" value="allow" />
toconfig.xml
But still unable to send non https request (or load an image from
http://
)Command or Code
<img src="http://192.168.100.xx/image.jpg"></img>
ORfetch("http://192.168.100.20/img.jpg")
Environment, Platform, Device
Moto G5 potter (Android 8.0 aarch64)
Version information
Checklist