GitHub user breautek added a comment to the discussion: Is there any way to 
bypass CORS requirement with native `fetch()`, on Android platform?

It's a layer to lock down the webview further. Based on the [Widget Access Request 
Policy](https://www.w3.org/TR/widgets-access/) specification.

The webview allows intercepting network requests, and Cordova uses this to 
enforce an allow list policy. But if we permit the requests to continue, they 
are still subjected to CORS and CSP, which are two different browser security 
mechanisms.

If I recall correctly there are still gaps in the CSP in what it can restrict 
(e.g. I don't think CSP prevents navigations) so both CSP and Cordova's 
allowlist are still used.

GitHub link: 
https://github.com/apache/cordova/discussions/504#discussioncomment-11093109
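
The layering described in the comment above, as an added example that is not part of the original comment and is not Cordova or WebView source code: a simplified model in which the allowlist, CSP `connect-src` and CORS are evaluated independently. All function names, origins and header values are constructed, and the matching rules are deliberately reduced assumptions.

```javascript
// Simplified model (assumption): each layer is checked on its own and any
// one of them can reject a fetch(). Names and sample values are constructed.

// Allowlist entries: "*", an exact origin, or "https://*.example.com".
function allowlistPermits(url, allowlist) {
  const { protocol, hostname, origin } = new URL(url);
  return allowlist.some((entry) => {
    if (entry === "*") return true;
    const m = /^(https?:)\/\/\*\.(.+)$/.exec(entry);
    if (m) return protocol === m[1] && hostname.endsWith("." + m[2]);
    return origin === new URL(entry).origin;
  });
}

// CSP connect-src, reduced to 'self' and exact origins.
function cspPermits(url, pageOrigin, connectSrc) {
  const origin = new URL(url).origin;
  return connectSrc.some((s) => (s === "'self'" ? origin === pageOrigin : s === origin));
}

// CORS for a simple cross-origin fetch(): the *server* must opt in.
function corsPermits(url, pageOrigin, responseHeaders) {
  if (new URL(url).origin === pageOrigin) return true; // same-origin, CORS not involved
  const acao = responseHeaders["access-control-allow-origin"];
  return acao === "*" || acao === pageOrigin;
}

// Returns every layer that would reject the request; [] means it goes through.
function blockingLayers({ url, pageOrigin, allowlist, connectSrc, responseHeaders }) {
  const blocked = [];
  if (!allowlistPermits(url, allowlist)) blocked.push("allowlist");
  if (!cspPermits(url, pageOrigin, connectSrc)) blocked.push("CSP");
  if (!corsPermits(url, pageOrigin, responseHeaders)) blocked.push("CORS");
  return blocked;
}

// Constructed scenario: the app allowlists the API, but the API sends no CORS header.
const base = {
  url: "https://api.example.com/v1/items",
  pageOrigin: "https://localhost",
  allowlist: ["https://*.example.com"],
  connectSrc: ["'self'", "https://api.example.com"],
  responseHeaders: {},
};
console.log(blockingLayers(base)); // allowlisted, yet CORS still rejects it
```

Passing the allowlist only lets the request continue; in this model the request succeeds only once the server itself returns a matching `Access-Control-Allow-Origin` header.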
