Phonegap and Android 4.4.2 whitelist not working

Question

I have a PhoneGap application which takes data from my server and I have set-up everything to work with cross-domain resources.

It was working properly on Android 4.0.3 then I tested it on Android 4.4.2 and it doesn't work! On ajax calls I receive

An error occured: 0 SecurityError:
Failed to execute "open" on "XMLHttpRequest": refused to connect to "domain.com" because it violates the document's Content Security Policy.

My config.xml file contains the following:

<plugin name="cordova-plugin-whitelist" version="1"/>
<access origin="http://domain.com/app-filelanding/*" />
<allow-intent href="http://*/*"/>
<allow-intent href="https://*/*"/>
<allow-intent href="tel:*"/>
<allow-intent href="sms:*"/>
<allow-intent href="mailto:*"/>
<allow-intent href="geo:*"/>

I have this meta-tag on my index.html

<meta http-equiv="Content-Security-Policy"
      content="default-src 'self' http://www.domain.com 'unsafe-inline' data: gap: https://ssl.gstatic.com;
               media-src *;
               connect-src 'http://www.domain.com/'">

And this on my script:

$(document).on("mobileinit", function(){
    $.support.cors = true;
    $.mobile.allowCrossDomainPages = true;
});

Answer 1

您似乎混合了domain.com和www.domain.com-尝试将内容安全策略更改为引用domain.com而不是www.domain.com