What domains are hit during Oauth Process?


We have a web app that is run inside a Cordova container. We need to stay in the app as Oauth to HubSpot is happening. I got this to work in Android by white listing:

allow-navigation href="https://*.hubspot.com/*"
allow-navigation href="https://*.getsidekick.com/*"

I iOS I’m still getting popped out of the app because it must be redirecting to another domain. If I allow-navigation for “*” it works fine (but I can’t white list all domains). I need to know what domains it might be redirecting to.

BTW - I have a whole bunch of access origin setting in order for the assets to load properly. Looks like I have all of the correct since everything works when allow-navigation “*”


I got it working with a lot of trial and error. For some reason I had to allow this navigation though I never see the browser being navigated to this domain:

allow-navigation href="https://*.hubapi.com/*"

I can understand that domain in access origin but not in navigation.