This is making me pull my hair out, and so desperate to start testing in Android 5.*, so here goes.
First here is what I have:
config.xml
<access origin="*.google.com"/>
<access origin="*.gstatic.com"/>
<access origin="*.googleapis.com"/>
...
<plugin name="cordova-plugin-whitelist" version="1" />
<allow-intent href="http://*/*" />
<allow-intent href="https://*/*" />
index.html
<head>
...
<meta http-equiv="Content-Security-Policy"
content="default-src 'self' https://*.google.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
<meta http-equiv="Content-Security-Policy"
content="default-src 'self' https://*.gstatic.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
<meta http-equiv="Content-Security-Policy"
content="default-src 'self' https://*.googleapis.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
I have found that the same issue is described here, and attempted to merge the suggestions found, along with some other advice from the PhoneGap Documentation, no success yet.
To be more specific to this issue, the resource I am trying to allow is Google Maps V3. I'm certain I'm missing something small, would appreciate anything, even a simple suggestion.
Thanks!
UPDATE 1
Well spotted, @Fido, but unfortunately this has proven not to be the only issue. I am now using the PhoneGap plugin as documented here, and replaced in my config.xml as such, but no improvement. The funny thing I've noticed though is that the plugin does not show up as being used in the project's plugin summary (which I have now discovered exists). So, I would say it is likely that despite the documentation, it is not able to pull this resource as it describes it should.
I will give anyone a chance to make any extra suggestions, but ultimately I may have to bite the bullet and do a local build as Fido suggests.
UPDATE 2
As it turned out, I hadn't pushed my config.xml to the repository properly, so it now reflects that I am using the whitelist plugin provided by Corova, but hasn't helped. I will see if there are any plugins are around before I build local and use the other suggested plugin.
UPDATE 3
Good news; I was able to specify the NPM package of the same plugin from here:
<gap:plugin name="cordova-plugin-whitelist" version="1.0.0" source="npm" />
And as far as I can gather, it is the mirror as you suggested @Fido (correct me if I'm wrong) but the issue persists; I can only imagine that it is either my origins, allow-intents or Content-Security-Policy definitions are incorrect.
Thanks!
When using Cordova 4.0 and above you need to add this plugin to get your whitelists working poroperly.
In your case since you are using the phonegap build platform this line:
<plugin name="cordova-plugin-whitelist" version="1" />
Should actually be this:
<gap:plugin name="cordova-plugin-whitelist" version="1" />
If the cloud service proves too limiting then you can use the CLI to install cordova plugins and then build and deploy locally. More info on this appraoch here. This approach requires more setup effort (e.g. getting the android sdk) but makes development in the long run much faster in my opinion.