{"id":17191,"library":"cordova-plugin-advanced-http","title":"Cordova Advanced HTTP Plugin","description":"cordova-plugin-advanced-http is a Cordova/PhoneGap plugin that enables mobile applications to perform HTTP requests using native networking capabilities, offering significant advantages over standard JavaScript requests. Key differentiators include robust SSL/TLS pinning for enhanced security, bypassing browser-imposed CORS restrictions, support for X.509 client certificate-based authentication, and improved handling of HTTP 401 Unauthorized responses. The current stable version is 3.3.1. While there isn't an explicit release cadence, the project is actively maintained with updates detailed in its `CHANGELOG.md`. This plugin is particularly valuable for applications requiring secure communication channels and those needing to circumvent typical webview networking limitations on iOS, Android, and Browser platforms.","status":"active","version":"3.3.1","language":"javascript","source_language":"en","source_url":"https://github.com/silkimen/cordova-plugin-advanced-http","tags":["javascript","cordova","device","ecosystem:cordova","cordova-ios","cordova-android","ssl","tls"],"install":[{"cmd":"npm install cordova-plugin-advanced-http","lang":"bash","label":"npm"},{"cmd":"yarn add cordova-plugin-advanced-http","lang":"bash","label":"yarn"},{"cmd":"pnpm add cordova-plugin-advanced-http","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Runtime environment for the plugin, required for `cordova.plugin.http` global object and native functionality.","package":"cordova","optional":false}],"imports":[{"note":"This plugin exposes a global `cordova.plugin.http` object, which is only available after the Cordova `deviceready` event fires. Direct ES module or CommonJS imports are not applicable for the main plugin interface.","wrong":"import { http } from 'cordova-plugin-advanced-http';","symbol":"cordova.plugin.http","correct":"document.addEventListener('deviceready', () => { /* use cordova.plugin.http here */ }, false);"},{"note":"Methods like `get`, `post`, `setHeader`, etc., are accessed directly off the global `cordova.plugin.http` object after the `deviceready` event. They use callback patterns or Promises when wrapped (e.g., with Ionic Native).","wrong":"import { get } from 'cordova-plugin-advanced-http/http';","symbol":"cordova.plugin.http.get","correct":"cordova.plugin.http.get('https://example.com/api/data', {}, {}, (response) => { /* success */ }, (response) => { /* error */ });"},{"note":"Sets a header for future requests. Can be global ('*') or host-specific. This method is available on the global `cordova.plugin.http` object.","wrong":"const { setHeader } = require('cordova-plugin-advanced-http');","symbol":"cordova.plugin.http.setHeader","correct":"cordova.plugin.http.setHeader('*', 'Authorization', 'Bearer mytoken');"}],"quickstart":{"code":"document.addEventListener('deviceready', onDeviceReady, false);\n\nfunction onDeviceReady() {\n  console.log('Cordova is ready. Initializing Advanced HTTP plugin.');\n\n  const http = cordova.plugin.http;\n  const API_BASE_URL = 'https://jsonplaceholder.typicode.com';\n\n  // Set a global header for all requests\n  http.setHeader('*', 'X-Custom-Header', 'MyValue');\n  console.log('Set global custom header.');\n\n  // Set data serializer to JSON for POST/PUT requests\n  http.setDataSerializer('json');\n  console.log('Set data serializer to JSON.');\n\n  // Perform a GET request\n  http.get(\n    `${API_BASE_URL}/posts/1`,\n    { /* parameters */ },\n    { /* headers */ },\n    (response) => {\n      console.log('GET Success:', response.status, JSON.parse(response.data));\n    },\n    (response) => {\n      console.error('GET Error:', response.status, response.error);\n    }\n  );\n\n  // Perform a POST request\n  const postData = { title: 'foo', body: 'bar', userId: 1 };\n  http.post(\n    `${API_BASE_URL}/posts`,\n    postData,\n    { 'Content-Type': 'application/json' }, // Can override global serializer's content type\n    (response) => {\n      console.log('POST Success:', response.status, JSON.parse(response.data));\n    },\n    (response) => {\n      console.error('POST Error:', response.status, response.error);\n    }\n  );\n\n  // Example of using SSL pinning (requires .cer files in www/certificates)\n  // Uncomment and configure if you have .cer files\n  /*\n  http.setServerTrustMode('pinned', () => {\n    console.log('SSL pinning enabled.');\n  }, (error) => {\n    console.error('Failed to enable SSL pinning:', error);\n  });\n  */\n}","lang":"javascript","description":"This quickstart demonstrates how to initialize and use `cordova-plugin-advanced-http` after the `deviceready` event, including setting global headers, configuring data serializers, and making basic GET and POST requests."},"warnings":[{"fix":"Always wrap calls to `cordova.plugin.http` methods within a `document.addEventListener('deviceready', handler, false)` callback.","message":"The plugin is a global object (`cordova.plugin.http`) and is only available after the `deviceready` event fires. Attempting to use it before this event will result in `ReferenceError: cordova is not defined` or `cordova.plugin.http is undefined`.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Implement custom timeout mechanisms or design application flow to tolerate unreliable request cancellation. Avoid relying on the plugin's native abort mechanism for critical operations.","message":"Abort functionality for sent requests is not working reliably. Applications relying on the ability to cancel in-flight HTTP requests may experience unexpected behavior or resource leaks.","severity":"breaking","affected_versions":">=1.0.0"},{"fix":"Ensure all `.cer` files are correctly DER-encoded and placed in the specified directories. Thoroughly test pinning against your target server environments (development, staging, production) and manage certificate expiry. Use `setServerTrustMode('nocheck')` *only* for testing, never in production.","message":"SSL/TLS Pinning requires specific configuration. You must include DER-encoded `.cer` certificates in your app's `www/certificates` folder (or project root for iOS, `platforms/android/assets` for Android). Incorrectly configured certificates or an attempt to pin against a revoked/expired certificate will lead to connection failures.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Utilize comprehensive server-side logging or integrate dedicated mobile debugging proxies (e.g., Charles Proxy, Fiddler) to inspect native HTTP traffic. For debugging within the app, add extensive `console.log` statements around API calls.","message":"Debugging network requests made through this plugin can be challenging as they are handled natively and do not appear in the browser's developer tools (e.g., Safari's network tab for iOS). This makes inspecting request/response headers and bodies difficult.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"For nested data, always use `setDataSerializer('json')`. If `urlencoded` is required, flatten your data object or manually serialize complex parts before passing them to the plugin.","message":"The `setDataSerializer` method's `urlencoded` option does not support serializing deep (nested) JavaScript objects, whereas `json` does. Using `urlencoded` with complex data structures will lead to incorrect payload formatting.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Regularly review and update the `AndroidBlacklistSecureSocketProtocols` preference in `config.xml` with current recommendations for secure protocols. Consult Android's SSLSocket documentation for valid protocol names and industry best practices for TLS configuration.","message":"The `AndroidBlacklistSecureSocketProtocols` preference allows disabling insecure SSL/TLS protocols, which is critical for security. However, its effectiveness depends on correctly identifying and blacklisting outdated protocols (e.g., `SSLv3`, `TLSv1`). Failure to update this list as new vulnerabilities emerge can leave the application exposed.","severity":"deprecated","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-22T00:00:00.000Z","next_check":"2026-07-21T00:00:00.000Z","problems":[{"fix":"Ensure all plugin calls are within a `document.addEventListener('deviceready', function() { /* plugin code here */ }, false);` block.","cause":"Attempted to access `cordova.plugin.http` or other Cordova APIs before the `deviceready` event has fired, meaning the native bridge is not yet initialized.","error":"ReferenceError: cordova is not defined"},{"fix":"Verify that your `.cer` files are DER-encoded, up-to-date, and correctly placed in `platforms/android/app/src/main/assets/certificates` (or `www/certificates` in older setups). Ensure you are pinning against the correct server certificate or a valid intermediate/root CA.","cause":"This error typically occurs on Android when SSL pinning is enabled but the provided `.cer` certificates do not match the server's certificate or its trusted chain, or the certificates are not correctly placed/formatted.","error":"Failed to establish TLS connection: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found."},{"fix":"Double-check that `cordova-plugin-advanced-http` is installed (`ionic cordova plugin add cordova-plugin-advanced-http`) and that `@ionic-native/http` is also installed (`npm install @ionic-native/http`). Ensure your `app.module.ts` correctly declares and provides `HTTP` from `@ionic-native/http/ngx`. Sometimes, rebuilding the project (`ionic cordova platform rm android && ionic cordova platform add android`) is necessary.","cause":"This specific error often arises in Ionic applications when using `@ionic-native/http` wrapper with `cordova-plugin-advanced-http`, where the wrapper might not correctly detect or interface with the underlying native plugin due to namespace differences or incorrect setup.","error":"Native: tried calling HTTP.post, but the HTTP plugin is not installed. Install the HTTP plugin: 'ionic cordova plugin add cordova-plugin-advanced-http'"},{"fix":"Check device network connectivity. Verify the requested URL is correct and accessible. Inspect server logs for errors. Ensure your `config.xml` and platform-specific manifests have necessary network permissions (e.g., `android.permission.INTERNET`, `android.permission.ACCESS_NETWORK_STATE`).","cause":"A generic error indicating a problem with the network request itself, which could be due to connectivity issues, incorrect URL, server-side errors, or missing network permissions in `AndroidManifest.xml` (Android) or `Info.plist` (iOS).","error":"Error: A network error occurred."}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}