Access Elements

As of Cordova iOS 4.x, Cordova Android 4.x, and Cordova Windows 4.x, whitelist management was moved from the core Cordova project to the cordova-whitelist-plugin, including the addition of the allow-navigation and allow-intent elements. You must add this plugin to enable and restrict network access in your application. See the cordova-whitelist-plugin repository for up to date documentation. The following documentation here is for pre-4.0 applications only.

Whitelist (Pre Cordova 4.x)

The access element provides your app with access to resources on other domains - in particular, it allows your app to load pages from external domains that can take over your entire webview.


Your application can contain zero or many access elements.

origin: The domain of where the resource lives.

subdomains (optional): Whether to allow subdomains on the host specified in the origin paramter.

A blank access tag - <access /> - denies access to any external resources. A wildcard - <access origin="*" /> - allows access to any external resource.

Example Usage:

<?xml version="1.0" encoding="UTF-8" ?>
<widget xmlns   = ""
xmlns:gap   = ""
id          = "com.phonegap.example"
versionCode = "10"
version     = "1.0.0" >

  <!-- versionCode is optional and Android only -->

  <name>PhoneGap Example</name>

    An example for phonegap build docs.

  <author href="" email="">
    Hardeep Shoker

    This allows your app to load assets from all * domains
  <access origin="" subdomains="true" />


The behaviour of the access element is heavily dependent on the platform you're deploying to - we have a blog post with more information. It is also likely to vary between different releases of PhoneGap - we'll work to maintain sane defaults and configurability for PhoneGap Build users.

Edit this page on GitHub