breautek commented on issue #1681:
URL:
https://github.com/apache/cordova-android/issues/1681#issuecomment-1783643591
The error is standard browser behaviour, which disallows mixed content. In
otherwords, if you're on a secure origin, then you can't request non-secure
resources.
Natively there is a way to disable/allow mixed content, but Cordova doesn't
expose it this option. Cordova doesn't have a `MixedContentMode` preference (I
believe that is an ionic webview thing specifically). Though I'd have no
objection to have this preference added (PR is welcomed!)
You may be able to workaround this issue by using `http://` scheme instead.
```xml
<widget ...>
...
<platform name="android">
<preference name="scheme" value="http" />
</platform>
</widget>
```
This should put your webview origin at `http://localhost` and it will be
considered an insecure context, allowing you to fetch resources from other
insecure origins, but will have the caveat of disabling other web features.
Note that other browser security features will still apply including:
- [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)
- [CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) (which you
seem to be already handling)
- [Cordova's Allow
List](https://cordova.apache.org/docs/en/12.x/guide/appdev/allowlist/index.html)
Let me know if this helps.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org
