CORS and phonegap apps

Do phonegap applications require any CORS changes (like setting Access-Control-Allow-Origin:*) to work? I have a restful API hosted on Heroku and was wondering whether I need to set this header in order for my phonegap application to call the service?

I was thinking that because the phonegap application isn't really hosted on a domain, then CORS isn't required and I won't get any cross domain issues?

It would be great if someone could explain to me why this is or isn't the case.

Solution 1:

PhoneGap you can just XHR directly to remote servers and it should "just work". Cross-domain policy does not apply to PhoneGap (for a variety of reasons, basically because your app is essentially running off the file:// URI on-device).

Please be aware that you will have to set up a whitelist for your apps to access these external domains. Please check this link:

http://docs.phonegap.com/en/1.8.0rc1/guide_whitelist_index.md.html#Domain%20Whitelist%20Guide

Solution 2:

None of the default Cordova (PhoneGap) platforms require CORS, despite the fact that the HTML files are hosted locally (file://) and are accessing a web domain.

However, on iOS, if you switch from the UIWebView to the newer WKWebView via cordova-plugin-wkwebview-engine, you will indeed have to implement CORS.

Solution 3:

Yes You have to activate CORS on he server that hosts your API. I am running a Phonegap App on iOs. My app requests json from a server API on Apache. I activate CORS on the server to get the data otherwise I get nothing in my application, no error and no data.

Notice that the access parameter in the config file lets you filter which domain your application is authorized to query but does nothing with the server's permissions.