tuxbear

HTTP-referer tokens fail with secure services when files are served from file://

Discussion created by tuxbear on May 28, 2013
Latest reply on Jun 6, 2013 by brassier

Hi!

We are building a PhoneGap app that will include some mapping features using PhoneGap/Cordova. Cordova serves up HTML/JS files in a webview on the smartphone straight from "disk" using the file:// protocol. This seems to be confusing the JS APIs, and the referrer is not included when a request to a secure service is made, hence the token is considered invalid.

Is this a bug in the JS API, or is there a known workaround? We cannot have username/password stored on the devices, and the devices will change IPs frequently. Our current solution is to serve a token to the clients based on their IP that they can use, but this is not ideal.
