1

I need your help. I have an app in the app store which is based on ionic and build with phonegap build. Since last week some of my users cannot login into to the app anymore. I already tried to debug on the server side but the request does not even reach the server. The weird thing is that the problem started to appear last week before that everything worked fine. It seems to occur only on some phones, but I cannot see a pattern of smartphone type or android version. I already read most of the related posts and checked the following possible reasons:

  1. Missing CSP: I have following CSP entry in my index.html

    <meta http-equiv="Content-Security-Policy" content="default-src *;img-src * data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">

    And following entry for the whitelist plugin in the config.xml

    <access origin="*"/>
<allow-navigation href="http://*/*" />

  2. I also checked the "Access-Control-Allow-Origin" and Access-Control-Allow-Headers on my node.js server

    res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization");

Did anyone of you encounter a similar problem? Or does know a starting point where to look for the problem? I would really appreciate your help, because I already tried everything I have in mind.

Best regards,

Peter

Improve this question
2
  • Are you able to reproduce the problem on any of your own devices? Or do you have any errors to share? Have you tried using HTTPS instead of HTTP? Maybe you can also share a bit more information about the app and what kind of requests we are talking about. Is it happening for every request?
    – Dexter
    Commented Nov 29, 2016 at 19:02
  • Hey so basically its a POST request to a node server. For the production apps i am using https and the allow-navigation for this is alos added in the config.xml. Its a simple login post send with the angular $http module. My problem is that i cannot reproduce it and problems seem to occur only with no real pattern on different devices. Additionally most of the users dont have these problems but i know its there. First i thought it was CORS problem but i tried to debug it with the help of a user. But his request never reached the server.
    – PeteMac88
    Commented Nov 30, 2016 at 5:48

1 Answer 1

Reset to default
1

Hey after several days of reading blogs and code checking i found the following article: http://www.cio.com/article/3146715/security/chrome-bug-triggered-errors-on-websites-using-symantec-ssl-certificates.html

It was a problem with our certificate provider and the android web view. After updating the web view and chrome via the app store, everything works again. The different version also explain why only some users experienced the problem.

best regards

Peter

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.