search

drrasic / ionic_twitter_feed

Application-only authentication implemented in Ionic Framework, for displaying custom Twitter timelines
18 stars 10 forks source link

CORS issue while running in browser after installing whitelist. #5

Open gurindernarang opened 8 years ago

gurindernarang commented 8 years ago

cors twitter If i run the same API on a REST CLIENT, it returns a proper response.

chsxe commented 8 years ago

Can you be more specific with your problem? Perhaps this POST is the problem... /oauth2/token HTTP/1.1

gurindernarang commented 8 years ago

After installing the whitelist pugin and adding meta tag in index.html <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' data: gap: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'"> still there is CORS issue in the application. i m using following versions : ionic version 1.7.15 cordova version 6.2.0 npm version 3.5.2

On 27 July 2016 at 03:20, chsxe notifications@github.com wrote:

Can you be more specific with your problem? Perhaps this POST is the problem... /oauth2/token HTTP/1.1

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/drrasic/ionic_twitter_feed/issues/5#issuecomment-235416699, or mute the thread https://github.com/notifications/unsubscribe-auth/AKBjhO_NRkQdeQNUv_2Powm9jvFeZn6Hks5qZoEYgaJpZM4JU2Rv .

chsxe commented 8 years ago

I am not too sure, but I checked it against the code and you have "data: gap" in the meta tag, is this intentional?

gurindernarang commented 8 years ago

yes, data: is used to allow loading resources via data scheme and gap: is required in iOS(when using UIWebView).

On 27 July 2016 at 15:21, chsxe notifications@github.com wrote:

I am not too sure, but I checked it against the code and you have "data: gap" in the meta tag, is this intentional?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/drrasic/ionic_twitter_feed/issues/5#issuecomment-235539960, or mute the thread https://github.com/notifications/unsubscribe-auth/AKBjhF2jSHEYT3fNi6POkYyF5epnyp6wks5qZyoJgaJpZM4JU2Rv .

drrasic commented 8 years ago

If running it browser have you tried spoofing the CORS header with something like this plugin for Chrome. CORS

Or just build it on a device. It still works this way for me.