Using handleOpenURL with Custom URL scheme in Cordova

You need to make sure you list your "custom" URL in your CSP.

Added 2016-02-11: NOTE: YOUR APP IS NOW INSECURE. IT IS UP TO YOU TO SECURE YOUR APP.

It would look something like this:

<meta http-equiv="Content-Security-Policy" 
         content="default-src * signsrestaurantandbar:; 
                  style-src * 'self' 'unsafe-inline' 'unsafe-eval'; 
                  script-src * 'self' 'unsafe-inline' 'unsafe-eval';">

Usually the wildcard setting (*) can handle most applications, but not your "custom" protocol.
NOTE: Wildcard setting have the potential of keep your app out of the "app stores".

You may also need to add to your config.xml

<allow-intent href="signsrestaurantandbar:" />

This whitelist worksheet should help. HOW TO apply the Cordova/Phonegap the whitelist system

You should also read the whitelist matrix, especially the sectionon <allow-intent (...) /> - Best of Luck


Add global handleOpenURL function using this code:

window.handleOpenURL = function(url) {
  console.log(">>>>>>>>>>>>>>>>>>>");
  // do stuff, for example
  // document.getElementById("url").value = url;
  console.log(url);
};

See Cordova Custom URL Scheme Handling.

Note that if you use alert in this function your app would hang:

You cannot launch any interactive features like alerts in the handleOpenURL code, if you do, your app will hang. Similarly, you should not call any Cordova APIs in there, unless you wrap it first in a setTimeout call, with a timeout value of zero.

The benefit of this method is you don't need to change Content Security Policy using Content-Security-Policy meta tag.