I'm trying to develop a login app using PhoneGap. I am able to connect to the php file using ajax through the browser but I can't connect through the PhoneGap app on my phone.
I've tried whitelisting it in the config.xml using
<gap:plugin name="cordova-plugin-whitelist" source="npm"/>
And also
<access origin="http://192.168.7.113/FirstApp/apiservice/fetchdata.php" subdomains="true"/>
But it did not work.
Additionally I added the access control allow origin to the php
header("Access-Control-Allow-Origin: *");
And I added the Content Security policy to the html file
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
If you guys could please help me. I'd really appreciate a working example. I've tried everything.
Question - so I am trying to use the protractor-beautiful-reporter on my Jenkins install. This is an Angular app. However when the page is rendered showing that the Angular bit isn't working. Looking at the console for the page shows the following:
Content Security Policy: The page’s settings blocked the loading of a
resource at
https://ajax.googleapis.com/ajax/libs/angularjs/1.4.8/angular.min.js
(“script-src http://dskvm4981-iis:8080 'unsafe-inline'
'unsafe-eval'”).
I already use a couple of setProperty to override CSP for the machine. These are:
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';")
System.setProperty("jenkins.model.DirectoryBrowserSupport.CSP", "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';")
Anyone know how to change the above to work from either a local file or a remote file?
One workaround would be to avoid having the report download Angular source at all by either requesting this kind of change on the protractor-beautiful-reporter issue tracker or forking the package, copying the Angular source and changing the source of the script from:
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.4.8/angular.min.js"></script>
to something like:
<script src="angular.min.js"></script>
having the minified Angular JS file downloaded to be near the index.html itself.
This is no more than a workaround, of course.
I updated Jenkins security settings to support Allure report
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';")
It works fine, now I need to add
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "sandbox allow-scripts;")
for HTML report
How can I combine both settings into 1?
Thanks, Mor
Looks like this one
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "default-src 'none'; img-src 'self'; style-src 'self'; child-src 'self'; frame-src 'self';")
does the trick
deviceready doesn't fire or fires very late in my ionic app when I run it on my iOS device with
ionic run ios --device -lcs
I removed all the plugins with ionic plugin rm ..., deleted the content of the plugins/ directory and reinstalled them.
I also removed and reinstalled the ios platform with ionic platform rm/add ios.
I am stuck with this.
The iPhone (6+) is on iOS 10.
I am using ionic 1, and the last ionic CLI.
EDIT: I removed all plugins one by one, and it seems that the problem is due to cordova-plugin-network-information and cordova-plugin-device.
Process 663 detached
(lldb)
(node:26790) DeprecationWarning: Using Buffer without `new` will soon stop working. Use `new Buffer()`, or preferably `Buffer.from()`, `Buffer.allocUnsafe()` or `Buffer.alloc()` instead.
14 030280 warn Native: deviceready did not fire within 2000ms. This can happen when plugins are in an inconsistent state. Try removing plugins from plugins/ and reinstalling them.
15 030605 info [object Object]
16 033286 log deviceready has not fired after 5 seconds.
17 033290 log Channel not fired: onCordovaInfoReady
18 033293 log Channel not fired: onCordovaConnectionReady
19 363977 log DEVICE READY FIRED AFTER, 32259, ms
My run.js, AppCtrl.js and the controller of my main view are encapsulated in $ionicPlatform.ready(function () {..});
My content security policy is:
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ws: *;">
Thanks for your response #baviskarmitesh. But I had to add gap to the content security policy and now it seems to work.
I added data: gap: https://ssl.gstatic.com 'unsafe-eval' after default-src * into my content security policy in my index.html file, like this:
<meta http-equiv="Content-Security-Policy" content="
default-src * data: gap: https://ssl.gstatic.com 'unsafe-eval';
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
script-src 'self' 'unsafe-inline' 'unsafe-eval' *;
connect-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ws: *;
">
And now deviceready fires quickly with all my plugins.
This seems to be a common issue with Ionic framework and there could be multiple reasons for it. One reason could be some issue with the plugin you use or could also be due to some issue in the platform folder. There seems to be an open issue on this in Ionic CLI project.
Following could be the possible fixes for this issue:
Removing the faulty plugins and re-adding the same
Removing the platform folder and re-adding the same.
Probably avoid using live reload option
If the problem is iOS specific, then you can try relaxing the content security policy
You can also have a look at this link
Hope this should help.
I am working with a hybrid Cordova application in iOS; the latest version of Cordova is adding this line to the head tag
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *">
and when I am building in the simulator or device it is returning this error:
Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
This error appears at the moment of the interaction with the server, blocking the ajax requests.
What am I doing wrong? please help!!!
The error message is telling you that your current content security policy prohibits requests to the domain you're making the request to, as you haven't specified that it is allowed to do so. Include this in the CSP tag:-
script-src https://yourajaxdomainhere
So it becomes
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; script-src https://yourajaxdomainhere; media-src *">
Also ensure the domain you're sending requests to is added as an allowed origin in your config.xml file.
<access origin="https://yourajaxdomainhere" />
More information on content security policy is here
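The default-src fallback named in the error message above, and the gap: addition from the earlier Ionic thread, worked through as an added example (not code from the original posts). The matching is deliberately simplified, the helper names are hypothetical, and `api.example.com`, `https://localhost` and the `gap://ready` bridge URL are assumptions made for illustration.

```javascript
// Simplified CSP source matching: keywords, scheme sources, '*' and plain hosts.
// Ports, paths, nonces, hashes and wildcard hosts are ignored.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// Fetch directives (script-src, connect-src for XHR, frame-src, ...) fall back to default-src.
function effective(policy, name) {
  const d = parseCsp(policy);
  if (d.has(name)) return { directive: name, sources: d.get(name) };
  return { directive: 'default-src', sources: d.get('default-src') || null };
}

function allowsInline(policy, name) {
  const { sources } = effective(policy, name);
  return sources === null || sources.includes("'unsafe-inline'");
}

function allowsUrl(policy, name, url, selfOrigin) {
  const { sources } = effective(policy, name);
  if (sources === null) return true; // nothing governs this request type
  const target = new URL(url);
  return sources.some((src) => {
    if (src === "'self'") return target.origin === selfOrigin;
    // '*' is treated as http(s) only here; it does not cover gap:, data: or blob:.
    if (src === '*') return ['http:', 'https:'].includes(target.protocol);
    if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) return target.protocol === src.toLowerCase();
    if (src.startsWith("'")) return false; // remaining keywords never match a URL
    const m = src.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i);
    if (!m || (m[1] && m[1].toLowerCase() + ':' !== target.protocol)) return false;
    return target.hostname === m[2].toLowerCase();
  });
}

// Policies from the posts above (the Ionic ones abridged); URLs and app origin are constructed.
const CORDOVA = "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *";
const IONIC_BEFORE = "default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *";
const IONIC_AFTER = "default-src * data: gap: https://ssl.gstatic.com 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *";
const APP = 'https://localhost';

console.log(effective(CORDOVA, 'script-src').directive, allowsInline(CORDOVA, 'script-src'));
console.log(allowsUrl(CORDOVA, 'connect-src', 'https://api.example.com/login', APP));
console.log(allowsUrl(IONIC_BEFORE, 'frame-src', 'gap://ready', APP), allowsUrl(IONIC_AFTER, 'frame-src', 'gap://ready', APP));
```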
Need your help!
I've been working on integrating my automation test to Jenkins. I use Serenity BDD and JBehave. My Serenity report displayed OK when I run my test manually. But, when I integrate the test to Jenkins and try to display the report through Publish HTML Report Plugin, it can't display the pie chart and missing other elements as well.
Any idea how to solve this?
Actually you don't need to downgrade Jenkins. This issue happens because of new content security policy headers that are supported by modern browsers. Correct resolution could be the following (code examples and paths for CentOS 7):
Configure content policy headers via Jenkins system property:
sudo vim /etc/sysconfig/jenkins
set java options as following:
JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-forms allow-scripts; default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';\""
# save and exit
sudo /etc/init.d/jenkins restart
Install Jenkins CORS Filter Plugin: https://wiki.jenkins-ci.org/display/JENKINS/Cors+Filter+Plugin
Setup CORS (Manage Jenkins -> Configure System -> CORS Filter)
Enjoy results :-)
More details about content security policy: http://content-security-policy.com
I got it working as below on Ubuntu 16.04
Go to /etc/default/jenkins and set below value
JAVA_ARGS="-Djava.awt.headless=true -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-forms allow-scripts; default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src data:;\""
Restart Jenkins with command
http://localhost:8080/safeRestart
Go to Jenkins > Manage Jenkins > Script Console run below
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "")
Close existing Jenkins browser window and open new one in incognito mode.
References
Jenkins Content Security Policy
Jenkins - HTML Publisher Plugin - No CSS is displayed when report is viewed in Jenkins Server
I have been also facing the same problem. I used some code in the script console to show Extent Report via HTML plugin, it worked but the pie chart was not visible, then after exploring a lot, finally I also found the following code by which I am also able to view the pie chart in my extent reports. Go into Script Console and run the following code:
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';")
Since it is a Java property in the end, it could be set up either inside of the Jenkins application or at Jenkins startup. In my case, using Ubuntu, adding it requires editing /usr/lib/systemd/system/jenkins.service and adding the following line:
# Arguments for displaying Thucydides reports correctly
Environment="JAVA_OPTS=-Dhudson.model.DirectoryBrowserSupport.CSP=\"default-src \"*\" 'unsafe-inline' 'unsafe-eval'; script-src \"*\" 'unsafe-inline' 'unsafe-eval'; connect-src \"*\" 'unsafe-inline'; img-src \"*\" data: blob: 'unsafe-inline'; frame-src \"*\"; style-src \"*\" 'unsafe-inline';\""
Save the file and execute the following commands to finish the process:
sudo systemctl daemon-reload
sudo service jenkins restart
Now every time Jenkins is restarted the property is set!
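To compare the DirectoryBrowserSupport.CSP values posted in these threads, here is an added example (not from the original posts or from Jenkins) that reports, for each value, whether a sandbox without allow-same-origin is still in place and which script and wildcard relaxations it grants. `auditJenkinsCsp` and its result fields are hypothetical names.

```javascript
// Summarise what a DirectoryBrowserSupport.CSP value relaxes.
function auditJenkinsCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    if (name && !directives.has(name)) directives.set(name, values);
  }
  const sandbox = directives.get('sandbox');
  // script-src falls back to default-src; with neither, the policy does not restrict scripts.
  const script = directives.get('script-src') || directives.get('default-src');
  const risky = ['*', "'unsafe-inline'", "'unsafe-eval'"];
  return {
    // A sandbox without allow-same-origin keeps report scripts out of the Jenkins origin.
    sandboxed: sandbox !== undefined && !sandbox.includes('allow-same-origin'),
    sandboxAllowsScripts: sandbox === undefined || sandbox.includes('allow-scripts'),
    scriptRisks: script ? risky.filter((t) => script.includes(t)) : ['unrestricted'],
    wildcardDirectives: [...directives].filter(([, v]) => v.includes('*')).map(([n]) => n),
  };
}

// Values quoted from the posts above.
const COMBINED = "sandbox allow-forms allow-scripts; default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';";
const WIDE_OPEN = "default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';";
const NO_SCRIPT = "default-src 'none'; img-src 'self'; style-src 'self'; child-src 'self'; frame-src 'self';";
const DISABLED = ""; // the empty value set from the Script Console in one of the answers

for (const [label, value] of Object.entries({ COMBINED, WIDE_OPEN, NO_SCRIPT, DISABLED })) {
  console.log(label, JSON.stringify(auditJenkinsCsp(value)));
}
```

Only the combined value keeps a sandbox; the wildcard value removes it and opens every directive it lists.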
Solved. Need to downgrade Jenkins.