I've looked through a lot of similar issues, but none have seemed to work for me. Our app makes 2 API requests - the first to fetch an OAuth code to our API (works fine) and the other posts that code to the Rails API (which is failing).
I am posting to http://localhost:3000/api/v1/users/auth/openid_connect/callback
But getting net::ERR_CONNECTION_REFUSED. However, this works fine when running on iOS.
My config currently has:
<plugin name="cordova-plugin-whitelist" spec="1" />
<access origin="*" />
<allow-navigation href="*" />
<allow-intent href="http://*/*" />
<allow-intent href="https://*/*" />
I've tried adding <allow-intent href="http://localhost:3000/api/v1/*" /> and <allow-intent href="http://127.0.0.1:3000/api/v1/*" /> and even the full openid_connect/callback URL but none seem to work.
In my index.html, I have
<meta http-equiv="Content-Security-Policy" content="default-src * 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; connect-src * 'unsafe-inline'">
Does the issue lie with how I am handling access origin in the config or do I have the Content-Security-Policy wrong?
To close the issue, the error was that Android didn't seem to know how to handle localhost. Changing the domain to http://10.0.2.2 solved the problem.