Apache Cordova (phonegap): Is Jsonp Needed For Cross-site Scripting?

I've just started using Apache Cordova. I have an library that makes calls (via ajax) to a soap server. When I run these on my local machine in chrome, I get cross site scripting

Solution 1:

By default, Phonegap allows cross domain requests. You can restrict this using domain whitelisting if you're worried about security. If you're using jQuery, set $.support.cors = true; to allow cross domain requests.

This page has a breakdown of cross site scripting security in Phonegap.

By the way, there's a neat trick you can use with Google Chrome to allow cross site scripting and therefore test your Phonegap app in the Ripple emulator, for example: set the command line parameter --disable-web-security in the shortcut to Chrome, e.g.

"C:\Program Files\Google\Chrome\Application\chrome.exe"--disable-web-security