stackoom
  简体   繁体   中英

cordova-plugin-whitelist working on Android but not iOS (Phonegap Build)

 原文  2015-10-14 16:17:53       android/ ios/ cordova/ phonegap-build/ cordova-plugins

Question

I'm working on a JavaScript app wrapped in Cordova and built with Phonegap Build. We're including cordova-plugin-whitelist from npm in our build and have added <access origin="*" /> to our config.xml and an open CSP ( <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'"> ) in our index.html. The app works fine on Android and talks to our server without issues, but on iOS all requests fail immediately as if the whitelist plugin isn't letting traffic through.

I've tried a number of different build configurations in case something broke in a particular version of Cordova, but haven't been able to get this to work at all. I've had a similar issue with other Phonegap/Cordova apps in the past but was able to solve it with the whitelist plugin/CSP/access rule.

This issue has also been difficult to debug since the Safari Developer Tools won't connect to the iOS device and I'm having to alert the responses I'm seeing. It looks like the response coming back has a status code 0 and an empty body, which I'm assuming just means unreachable.

2 answers

solution1
 4  2015-10-14 16:41:06

You may well need to set the connect-src in your Content-Security-Policy, for example: 

<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; connect-src http://YOUR_HOST">

Additionally for Xcode 7 / iOS 9 you will need to adjust the ATS settings to allow connections to non https backends if you aren't using SSL:

Here's a working example of the change to your app's info .plist: 

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSAllowsArbitraryLoads</key>
  <true/>
</dict>

(Note you can also configure this to selectively allow non https connections).

And here's a script you could use as a pre build hook for iOS to do this automatically: 

#!/bin/bash
echo "Adjusting plist for App Transport Security exception."
val=$(/usr/libexec/plistbuddy -c "add NSAppTransportSecurity:NSAllowsArbitraryLoads bool true" platforms/ios/PROJECTNAME/PROJECTNAME-Info.plist 2>/dev/null) echo "Done"

Just swap out PROJECTNAME for the name of your project.

solution2
 0  2018-04-02 19:19:26

Change your access tag to: 

<access origin="https://yourdomain.com" requires-certificate-transparency='false' allows-arbitrary-loads-in-web-content='true'/>

It will update the Info.Plist file accordingly in the NsAppTransportSecurity entry.

Source: https://cordova.apache.org/docs/en/latest/guide/appdev/whitelist/#ios-whitelisting

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question cordova-plugin-whitelist not working when using Phonegap build build.phonegap plugin unsupported: cordova-plugin-whitelist @ 1 Use of cordova-plugin-whitelist cordova plugin rm cordova-plugin-whitelist does not change config.xml so it will be readded upon build $http get in ionic not working on real device even cordova-plugin-whitelist is installed Android build failed with cordova-whitelist-plugin Phonegap build server not working whitelist plugin Can't do ajax calls from android device because cordova-plugin-whitelist is not installed but i can't install it? Phonegap Error - “No Content-Security-Policy meta tag found. Please add one when using the cordova-plugin-whitelist plugin.” Cordova failed to install 'cordova-plugin-whitelist': Error: ENOENT: no such file or directory AndroidManifest.xml
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM