I use cordova regular on ubuntu for android.
I compile with build.phonegap.com for ios, uploading zip project.
with Android all fine, but with ios deviceready not fire until i tap or change the focus to other thing.
Mi index is simple:
<head>
<!--
Customize this policy to fit your own app's needs. For more guidance, see:
https://github.com/apache/cordova-plugin-whitelist/blob/master/README.md#content-security-policy
Some notes:
* gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
* https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
* Disables use of inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
* Enable inline JS: add 'unsafe-inline' to default-src
-->
<meta http-equiv="Content-Security-Policy"
content="
default-src 'self' https://ssl.gstatic.com data:* gap://* file://* tel:* 'unsafe-inline' 'unsafe-eval' ;
style-src 'self' 'unsafe-inline';
frame-src 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com;
connect-src 'self' https://app.mypage.es/ connect.facebook.net www.facebook.com;
media-src *;
img-src 'self' www.google-analytics.com www.facebook.com;
script-src 'self' 'unsafe-inline' www.google-analytics.com connect.facebook.net www.facebook.com">
<meta name="format-detection" content="telephone=no">
<meta name="msapplication-tap-highlight" content="no">
<meta name="viewport" content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width">
<link rel="stylesheet" type="text/css" href="css/index.css">
<title>Hello World</title>
</head>
<body>
<div class="app">
</div>
<script type="text/javascript" src="jquery-3.2.1.min.js"></script>
<script src="fastclick.js"></script>
<script type="text/javascript" src="cordova.js"></script>
<script type="text/javascript" src="js/index.js"></script>
</body>
</html>
and the index.js
document.addEventListener("deviceready", onDeviceReady, false);
function onDeviceReady() {....stuff}
i try diferent alternatives to content-policy and diferent ways to atach event
What is the correct way?
finally removing all platforms and plugins, and adding them after, solve my problems.
have you tried restarting?
Related
I'm getting a bunch of Content Security Policy errors in Electron developer console for adding google font :
Refused to load the stylesheet 'https://fonts.googleapis.com/css2?family=Inter:wght#300;400&display=swap' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' data:". Note that 'style-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
I'm using electron-forge's React with TypeScript boilerplate.
Easiest way would probably be to set a Content-Security-Policy meta tag in the header of your template like this:
<head>
<meta charset="UTF-8">
<!-- https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP -->
<meta
http-equiv="Content-Security-Policy"
content="default-src 'self';
script-src 'self';
font-src 'self' https://fonts.gstatic.com;
style-src 'self' https://fonts.googleapis.com">
<!-- ...other stuff... -->
</head>
Guide on how to use these is here:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#multiple_content_security_policies
I'm currently in my first hours of electron myself, without react for now, and that's how I got around it and I think that's how you're supposed to do it.
Having the same problem as this guy but am not using .NET so I don't know what the answer to this problem is. I am using Electron.
<head>
<meta http-equiv="Content-Security-Policy" content="style-src-elem 'self' https://fonts.googleapis.com">
<meta http-equiv="Content-Security-Policy" content="font-src https://fonts.gstatic.com">
<meta http-equiv="Content-Security-Policy" content="default-src 'self'">
<meta charset="UTF-8">
<link rel="preconnect" href="https://fonts.gstatic.com">
<link href="https://fonts.googleapis.com/css2?family=Poppins:wght#300&display=swap" rel="stylesheet">
<link rel="stylesheet" href="index.css">
</head>
Here is the error:
Refused to load the stylesheet 'https://fonts.googleapis.com/css2?family=Poppins:wght#300&display=swap' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'style-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
The question is here, 'style-src-elem' IS explicitly set. I have no idea what is going on. Please help
Nevermind, figured it out! I thought I could separate the <meta> tags for readability, but it turns out that was not the case. Each <meta> tag was over-writing the previous, leaving everything to check for the last content="default-src 'self'" <meta> tag. Here is the working code for anyone that is having a similar problem:
<head>
<meta http-equiv="Content-Security-Policy" content="
default-src 'self';
style-src-elem 'self' https://fonts.googleapis.com;
font-src https://fonts.gstatic.com;
">
<meta charset="UTF-8">
<link rel="preconnect" href="https://fonts.gstatic.com">
<link href="https://fonts.googleapis.com/css2?family=Poppins:wght#300&display=swap" rel="stylesheet">
<link rel="stylesheet" href="index.css">
</head>
I recently found a bug on my phonegap application.
So, I decided to correct it (nice!) and I needed to update phonegap client to the new version 6.4.2.
Once done, I ran my application via "phonegap serve" and test my app on Android device and an iPhone device (with iOS 10).
Our application is a simple HTML page with an iframe inside in order to encapsulate our responsive design website.
Everything works great on Android AND on old iPhone (iOS 7.1.2) but on the new iPhone with iOS 10, the iframe doesn't load !!!
I search for a long time why... I do not understand...
So, I planned to create a new application
phonegap create TestApp
Here is the index.html code
<html>
<head>
<meta charset="utf-8" />
<meta name="format-detection" content="telephone=no" />
<meta name="msapplication-tap-highlight" content="no" />
<meta name="viewport" content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width" />
<meta http-equiv="Content-Security-Policy" content="default-src gap://ready file://* *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; frame-src *; ">
<link rel="stylesheet" type="text/css" href="css/index.css" />
<script type="text/javascript" src="js/index.js"></script>
<script type="text/javascript" src="js/jquery-1.7.1.min.js"></script>
<title>Hello World</title>
</head>
<body>
<iframe id="webview" src="https://www.google.com" onload="checkPage();">
</iframe>
<script type="text/javascript" src="cordova.js"></script>
<script type="text/javascript">
app.initialize();
</script>
</body>
</html>
It's really the started page with an iframe inside and this iframe doesn't load and the checkPage() is never fired.
I tried to change "Content-Security-Policy" but... did not work...
I'm out of ideas, so, if somebody had the same issue and know how to resolve this... You're welcome !
Thanks,
I can provide you more code if you want
Laurent
The answer can be found in this question:
Cordova iOS blank iframe
Simply add the following to your config.xml file:
<allow-navigation href="*" />
I am using cordova to load plugins into my app. Here is the simplified reproduceable issue:
cordova create foo
cordova plugin add pluginname --save
cordova platform add android --save
cordova build android --verbose
I can run this app using phonegap and see it on my phone. The app reports deviceready as the basic starter app is supposed to. All looks great so far.
If I look in the plugin folder I can see my plugin there. In this case my plugin is called bluetoothle.
I edit the index.js file at a location that fires after the deviceready occurs and add "alert ( typeof (bluetoothle));"
I expect that when the alert fires it should report "object". It does not do this. It reports "undefined".
I have tried this with several other plugins and I always get the same result. So it would seem that no matter what plugin I install I cannot access any of the functions within the plugin.
I do have the same Problem. But I'm using the Phonegap CLI. And the following plugin: https://github.com/randdusing/cordova-plugin-bluetoothle
I add the plugin using the command:
$ phonegap plugin add cordova-plugin-bluetoothle
I've added platform android and ios.
So in the plugins folder there is the cordova-plugin-bluetoothle folder most probably being a valid plugin packet.
Also in the plugins folder there is the android.json and ios.json file containing the section:
"cordova-plugin-bluetoothle": {
"PACKAGE_NAME": "com.phonegap.helloworld"
},
in plaforms/android there is the android.json file containing:
{
"xml": "<feature name=\"BluetoothLePlugin\"><param name=\"android-package\" value=\"com.randdusing.bluetoothle.BluetoothLePlugin\" /></feature>",
"count": 1
},
in platforms/ios there is the ios.json file containing:
{
"xml": "<feature name=\"BluetoothLePlugin\"><param name=\"ios-package\" value=\"BluetoothLePlugin\" /></feature>",
"count": 1
},
I've targeted Android SDK API 23. As the readme tells...
As I have just modified the hello-world example to call bluetoothle initialize on after the deviceready event has fired.
So where could the problem be so that the bluetoothle variable is not defined in the index.js code, when the device is ready?
So here the complete code of index.js:
var bluetoothle;
var app = {
// Application Constructor
initialize: function() {
this.bindEvents();
},
// Bind Event Listeners
//
// Bind any events that are required on startup. Common events are:
// 'load', 'deviceready', 'offline', and 'online'.
bindEvents: function() {
document.addEventListener('deviceready', this.onDeviceReady, false);
},
// deviceready Event Handler
//
// The scope of 'this' is the event. In order to call the 'receivedEvent'
// function, we must explicitly call 'app.receivedEvent(...);'
onDeviceReady: function() {
app.receivedEvent('deviceready');
console.log("platform: " + device.platform);
if(bluetoothle) {
console.log("bluetooth is not defined!");
} else {
console.log("bluetooth is not defined!");
}
console.log("yhea managed to initialize Bluetooth LE!");
},
// Update DOM on a Received Event
receivedEvent: function(id) {
var parentElement = document.getElementById(id);
var listeningElement = parentElement.querySelector('.listening');
var receivedElement = parentElement.querySelector('.received');
listeningElement.setAttribute('style', 'display:none;');
receivedElement.setAttribute('style', 'display:block;');
console.log('Received Event: ' + id);
}
};
And the complete code of index.html:
<html>
<head>
<meta charset="utf-8" />
<meta name="format-detection" content="telephone=no" />
<meta name="msapplication-tap-highlight" content="no" />
<meta name="viewport" content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width" />
<!-- This is a wide open CSP declaration. To lock this down for production, see below. -->
<meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline'; style-src 'self' 'unsafe-inline'; media-src *" />
<!-- Good default declaration:
* gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
* https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
* Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
* Enable inline JS: add 'unsafe-inline' to default-src
* Enable eval(): add 'unsafe-eval' to default-src
* Create your own at http://cspisawesome.com
-->
<!-- <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: 'unsafe-inline' https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *" /> -->
<link rel="stylesheet" type="text/css" href="css/index.css" />
<title>Hello World</title>
</head>
<body>
<div class="app">
<h1>PhoneGap</h1>
<div id="deviceready" class="blink">
<p class="event listening">Connecting to Device</p>
<p class="event received">Device is Ready</p>
</div>
</div>
<script type="text/javascript" src="cordova.js"></script>
<script type="text/javascript" src="js/index.js"></script>
<script type="text/javascript">
app.initialize();
</script>
</body>
</html>
Sooo,
The Issue I had before I just "worked around" by using a different Plugin for my Bluetooth Low Energy stuff.
Later I ran into the same Problem again with another Plugin.
And then I finally got the picture where it all makes sense:
I was mainly using the Phonegap Developer App to test on-the-fly.
The Phonegap Developer App comes bundled with all the Core Plugins and some others.
!! Those plugins which are not bundled already, will never be accessible for your Phonegap Developer App for testing !!
phonegap plugin add cordova-plugin-new-unbundled
Will not make it available to the App. Only download and prebuild the files for a potential real build.
To make this work in the Phonegap Developer App you would need to build your own Phonegap Developer App adding the Plugins you need.
Otherwise your Plugins are only available in a real build.
I have a bootstrap/angular js ui-router app that is created in windows visual studio on a windows tablet. Originally the need was to have the app for Windows users, now its needed for all devices.
After the app was created for browser, I was able to import it into visual studio for cordova. I got everything working testing in Windowsx64 - local machine settings. I tried plugging my iphone to tablet to test the iOS version of the app but I never got that working. So I tried testing with the Ripple simulator that Visual Studio comes with. The simple start page and any other apps would work great from device to device, but just this specific app ui-router and styles do not transfer over and do not show up on iOS and Android. No errors logs show up when in iOS or Android mode.
the code behind the app:
index.html
<!DOCTYPE html>
<html ng-app="routerApp">
<head>
<!--
Customize the content security policy in the meta tag below as needed. Add 'unsafe-inline' to default-src to enable inline JavaScript.
For details, see http://go.microsoft.com/fwlink/?LinkID=617521
-->
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *">
<meta name="format-detection" content="telephone=no">
<meta name="msapplication-tap-highlight" content="no">
<meta name="viewport" content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width">
<!-- STYLE SHEETS-->
<link rel="stylesheet" type="text/css" href="css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="css/index.css">
<link rel="stylesheet" type="text/css" href="css/style.css">
<title>Clinical Cases Program</title>
</head>
<!-- apply our angular app to our site -->
<body>
<nav class="navbar navbar-inverse" role="navigation">
<div class="container">
<div class="navbar-header">
<a class="navbar-brand" ui-sref="landing">Clinical Cases App</a>
</div>
</div>
</nav>
<h1>The device is running</h1>
<!-- MAIN CONTENT -->
<!-- THIS IS WHERE WE WILL INJECT OUR CONTENT ============================== -->
<div class="container">
<div ui-view></div>
</div>
<script type="text/javascript" src="cordova.js"></script>
<script type="text/javascript" src="scripts/platformOverrides.js"></script>
<script type="text/javascript" src="scripts/index.js"></script>
<!-- SCRIPTS -->
<script type="text/javascript" src="scripts/angular.js"></script>
<script type="text/javascript" src="scripts/ui-router.js"></script>
<script type="text/javascript" src="scripts/jquery.js"></script>
<script type="text/javascript" src="scripts/bootstrap.min.js"></script>
<script type="text/javascript" src="scripts/script.js"></script>
</body>
</html>
script.js
routerApp.config(function ($stateProvider, $urlRouterProvider) {
$urlRouterProvider.otherwise('/home');
$stateProvider
// HOME VIEWS =================================
.state('landing', {
url: '/home',
templateUrl: 'templates/partial-landing.html'
})
// FILTERS VIEWS ========================================
.state('filters', {
url: '/filters',
templateUrl: 'templates/partial-filters.html',
controller: 'FilterToggleController',
controllerAs: 'vm'
})
// CASES VIEWS =================================
.state('cases', {
url: '/cases',
templateUrl: 'templates/partial-cases.html',
controller: 'CasesController',
controllerAs: 'vm'
});
});
//"myApp" is the your module
routerApp.config(['$compileProvider', function ($compileProvider) {
$compileProvider.imgSrcSanitizationWhitelist(/^\s*(https?|ftp|file|ms-appx|ms-appx-web|x-wmapp0):|data:image\//);
}]);
Is there a specific folder in Visual Studio or Cordova that overwrites these style/script? Is there something wrong with Ripple simulators?
Attached are screenshots of the original windows app and other iOS and Android Ripple.
Windows x64 - local machine
Android - Ripple-Nexus(Galaxy)
Android Ripple - Nexus 7 (tablet)
iOS - Ripple iphone 5
iOS - Ripple ipad 3