Cordova AWS S3 via Cloudflare XMLHttpRequest blocked by CORS policy

I think I’ve almost got this right - Javascript AJAX request in Cordova to files on AWS via a custom domain on Cloudflare sitting in front of an AWS S3 bucket, are getting the error:

Access to XMLHttpRequest at '' from origin 'https://localhost' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

The CSP in my index.html in the Cordova project is:

<meta http-equiv="Content-Security-Policy" content="default-src * data: gap: 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data: content:; font-src 'self' data:;">

and the config.xml contains this:

<access origin="*" />
<access allow="" />
<access allow="" />
<allow-intent href="http://*/*" />
<allow-intent href="https://*/*" />

JS code:

var filename = "";
	async: async, // Set passed in param to false to process updates in sequence
	type: 'GET',
	url: filename,
	dataType: 'json',
	success:  function(data) {
if(logging) console.log("READ FILE FROM AWS SUCCESSFULLY, " + data.length + ", type: " + typeof data + ", from: " + filename);
if(logging) console.log(data);

	error: function(data) {

if(logging) console.log("Couldn't read AWS file: " + filename, 'error: ', data);

		if(errorfn) errorfn(data);

Any ideas where I’m going wrong please? Accessing the same file URL (that I’m trying to get via AJAX) directly in a desktop browser in the address bar, works fine. Think this just needs a slight tweak somewhere…

[just adding some additional info to my question above]
What I don’t get (if I understand how CORS works) is why my CSP and config.xml aren’t allowing requests to ? Surely they should be effectively whitelisting any file from that URL?

I posted an solution to your problem on the Voltbuilder forum, as this doesn’t have anything to do with Cloudflare.

Appreciated, thanks very much

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.