I'm developing an iOS app using Cordova 3.3.0. In my config.xml, I have the following:
<access origin="https://*.kidsintouch.com" />
Theoretically, that should stop my app from accessing any resources that try to load outside that domain.
However, when I run the app in the simulator or on device via Xcode, I can access images from any domain.
The PhoneGap docs say :
Unlike the Android platform noted above, navigating to non-whitelisted domains via href hyperlink on iOS prevents the page from opening at all.
However, I'm still able to put an external link on a page in the app and click on it.
When I run the app in Xcode, I see the following console output:
2014-01-02 06:47:16.469 Kids In Touch[10454:60b] Multi-tasking -> Device: YES, App: YES
2014-01-02 06:47:16.480 Kids In Touch[10454:60b] Unlimited access to network resources
2014-01-02 06:47:17.276 Kids In Touch[10454:60b] Resetting plugins due to page load.
2014-01-02 06:47:18.157 Kids In Touch[10454:60b] Finished load of: file:///var/mobile/Applications/8DBB3EE2-A33D-4523-A51F-B72AJ21E5338/Kids%20In%20Touch.app/www/index.html#/intro
2014-01-02 06:47:19.629 Kids In Touch[10454:60b] Resetting plugins due to page load.
The Unlimited access to network resources clearly shows something is wrong. When I click on a bogus link to Google I put in the app, the console displays:
2014-01-02 06:47:20.755 Kids In Touch[10454:60b] Finished load of: https://www.google.com/
So clearly my access origin restriction is not actually restricting anything.
Is there something I am doing wrong? How do I prevent my app from accessing any resources outside the domain I've provided?
Thanks
I found the problem with this. For some reason, the config.xml file produced by cordova build ios is NOT the same as I have in my www folder.
There seems to be some default info in it THEN my real info from www/config.xml is appended to it. At the top of the default config info is <access origin="*" />.
So, the app is allowed all access.
I tried completely blowing out the existing config.xml by running cordova platform remove ios and then rerunning cordova build ios. This did not work. Each time I build, some default stuff is prepended to my real config.xml.
Cure for now until I dig deeper is to manual edit the config.xml after every build. When I do this and try to access a domain not configured with access origin, I get:
ERROR whitelist rejection: url='http://0.0.0.0:8080/accounts'
So, whitelisting works properly, but I've got a wonky build process to resolve.
UPDATE : There is a file platforms/ios/cordova/defaults.xml that contains the default settings for an XML file. It has the access origin * in it. I deleted that and a few other settings and can now build properly respecting the config.xml in my www folder.
All is well. Strange that these defaults get put into my final config.xml.
I ran into this problem too. As an alternative to deleting the defaults, you can ensure that your tags are placed immediately after the tag in the config.xml.
Related
I have been trying to upload an iOS app to Appstore but its only appearing on "Activity" tab for 3-5 minutes and then disappears.
Then I got an email from Apple saying that my app is rejected because it is using UIWebView in one of the view controller. I deleted that particular screen and reuploaded the app and had the same error email.
Then I checked my third-party sdks like FacebookLoginSDK and GoogleSignInSDK and updated those and then checked that if the app has no UIWebView which it did not. Then i reuploaded the app but this time again I had the same error email. I have searched the whole storyboard source code and the whole app code to look that if there is any sign for UIWebView but there is nothing, but still I am getting this email.
I also tried deleting 'Derived Data' folder several times and cleaning the build folder also but nothing helps.
On the other hand I have uploaded a different app today which had UIWebView and it got approved but I also got the same email for not using UIWebView.
Does anybody had this kind of experience or can anybody tell me whats going on ?
I got the same issue before.
If you have uploaded the build and showing it in activity tab for few minutes then its not mean that issue is only about UIWebview but there can be some other issue as well.
I have uploaded my app n got the mail related to UIWebview, so I coverted the UIWebview to WKWebView and again I uploaded but that time same thing happend.
I failed to tackle the problem.
Then I mailed to Apple Developer Support and they replied like
Any of the third party library internally using some privacy data you should ask permission for the same.
Then I checked Info.plist, I have given each permission in list still how it comes that we don't understand.
Finally then after whole search the one third party library internally using motion related data without permission so this happened.
Then I have added that in plist and then again uploaded and its approved.
So please you can check your info.plist and also check whether your third party library using any privacy sensitive data without permission or not.
May it help you at some point.
Make sure you update all your plugins to the latest version!
Check this: https://ionicframework.com/blog/understanding-itms-90809-uiwebview-api-deprecation where you can find the plugins that have known issues concerning the old WebView usage.
But be aware that uninstalling and re-installing some plugins will NOT will not install the latest available version of the plugin!
So to be sure that you are re-installing the latest version of a plugin, go to the github repository of the cordova plugin and search for the plugin.xml file and open it. Then, copy the version string found in the root xml element.
Finally, install the plugin like that: ionic cordova plugin add plugin_name#copied_version
<?xml version='1.0' encoding='utf-8'?>
<plugin id="cordova-plugin-firebase" version="2.0.5"
xmlns="http://apache.org/cordova/ns/plugins/1.0"
xmlns:android="http://schemas.android.com/apk/res/android">
<name>Google Firebase Plugin</name>
...
...
...
</plugin>
Are you using the AdMob plugin?
It is not enough to check for the absence of "UIWebView" strings!
You have to make sure that all third party plugins are up to date.
One of the trickiest situations I had went to is when I had tried to update an app (using AdMob) on the AppStore after Apple started rejecting apps using the UIWebView.
The generated iOS source code has no UIWebView references, but still rejected!
After a long headache, I realized that the Google AdMob SDK version I'm using is out of date, knowing that I had updated the AdMob plugin from the CLI, but it seems that the SDK is not updated when updating from the npm.
Finally, I had downloaded the latest AdMob SDK from this link https://developers.google.com/admob/ios/download and replaced it in the source code of the AdMob SDK plugin. Then I had followed the instructions found in this link https://developers.google.com/admob/ios/quick-start to update the code in the xCode.
Failing to get the cordova-plugin-geolocation 4.0.1 to work in an iOS app, despite following all instructions. When the app asks for location permission, the geolocation message displays the path of the webview:
/Users/.../Library/Developer/CoreSimulator/Devices/.../www/index.html
rather than the name of the app and the message in the NSLocationWhenInUseUsageDescription string.
I have tried solutions in other answers (1, 2, 3):
The location is not requested until well after the device is ready --- this happens only when the user goes to a particular page in the app.
I have removed and added the plugin many times. All plugin files seem to be where they should be.
The NSLocationWhenInUseUsageDescription is properly set in config.xml and info.plist. And just to be safe, the variable GEOLOCATION_USAGE_DESCRIPTION is also set in config.xml.
Please help!
It turns out that we had overlooked a solution that has already been suggested (here and here) by others. Namely, cordova.js must be included in index.html. This is not documented in the Cordova geolocation plugin.
I am using this plugin.
https://github.com/EddyVerbruggen/cordova-plugin-googleplus
The implementation works fine for android. But google sign in on iOS opens safari webview and throws 400 invalid_request.
I am using the ios client id and reverse client id generated on google developer console.
Anyways to debug or know what the issue is?
The usual cause of this error is having an incorrect REVERSE_CLIENT_ID. Double check that you have the REVERSE_CLIENT_ID from the plist file downloaded when you set up the iOS application registration on the Google developer console. Note that if you got it wrong, changing this is difficult, as it gets copied into various locations and won't update automatically if you just try to change it in config.xml. When I mistakenly used my Android client ID to set up the plugin, I found that as well as config.xml I also needed to change the top level package.json file, and the <appname>-Info.plist in the platforms/ios directory in order to get the correct ID used.
I want to create an app icon, splash screen, edit the app name, and set some cordova / app settings.
meteor run ios opens up the simulator but doesn't open or the project. Where is that project and does this Xcode project ever get overwritten? I don't want to lose any settings I make.
For example I want to set the app url scheme so I can implement a redirect to the app. I also want to set cordova preferences to disallow over scroll. Typically I would do these things from within the .xcodeproj but where is it and when does it get overwritten / reset?
From what i have seen from the docs and my experience so far
meteor run ios only runs the iOS emulator with your code in it. The code related to this build is in .meteor/local/cordova-build but is temporary and will get overwritten all the time
meteor run ios-device -p yourlocalip:yourlocalport will launch XCode with the cordova-built .xcodeproject, and a local server on your computer. It is intended to make you able to run and debug your code from an actual iPhone device, with the changes you make on your computer to the code repercuted instantly on the iPhone screen. You need your computer and your phone to be on the same Wifi to enable this feature. The code related to this build is in .meteor/local/cordova-build but is temporary and will get overwritten all the time
meteor build /Path/To/Builds/Directory/NewBuild -p yourserverhost:yourserverip will actually create the cordova-built .xcodeproject pointing to your real server at the path you specified. From this project you can customize as much as you want BUT you will indeed loose these settings with a new build...
Except if you use the yourproject/cordova-build-override/ folder !
As described in the offical cordova meteor docs under "Advanced build configuration" everything you put in this folder will overwrite the files created by meteor during its build. So you can configure everything in the Cordova/Phonegap way there. If you were able to configure your features through Cordova usually, you will be able to do it there.
Bonus that I have learned the hard way :
Always destroy the .meteor/local folder before building one of those three things, i got stuck in a state where XCode remembered some of my changes to the .xcodeproject and everything was messed up. After destroying this folder, everything went back to normal :)
hope i helped
Mickael
If you are looking for the path to the Xcode project in your filesystem, it is located at:
/path/to/project/.meteor/local/cordova-build/platforms/ios/<project>.xcodeproj
You'll have to navigate to your project directory and open .meteor because it is a hidden file.
Note: If you want to be able to see hidden files in finder on a mac, then type into your terminal defaults write com.apple.finder AppleShowAllFiles TRUE, and then restart finder. Change TRUE to FALSE to only see visible files.
I've installed Phonegap using the npm and my app is working great, except when I call window.open to launch a website it does not give me the footer with the done button so my app get's stuck on the called web page.
I am using XCode to build an ios app.
I've used npm to add the InAppBrowser plugin. It added the to to the config.xml.
I've added the site to my whitelist in config.xml. The site opens fine, just without the done button/footer.
It added the InAppBrowser plugin entry to:
/#myapp#/platforms/#platform#/www/cordova_plugins.js
It added the InAppBrowser plugin folder in /#myapp#/platforms/#platform#/plugins/
The related SRC files for InAppBrowser are in the platform folder as well
(for example IOS plugin src files are: /#myapp#/platforms/#platform#/#appname#/Plugins/)
I added a console.log function to InAppBrowser.js to confirm that the plugin is loaded, but it does not generate a log entry.
I've tried many things to get the footer/done button to show without any success, but I seem to be missing something here.
I solved this problem by recreating the Xcode project using cordova (instead of phonegap). I went through all of the solutions several times with no luck, so I used the terminal to build a new cordova project, added the InAppBrowser to the project, then copied my code and assets from the old project to the new one. Launched the app on my ipad and it all worked just fine.
I don't suspect it's a problem with Phonegap 3.1.0. I think there was a project issue that kept it from working and starting over with a clean project did the trick.
All is well.
One note is that I saw postings that reported cordova interrupts the console.log function, so be careful with that. Alerts work just fine.