7 Replies Latest reply on Sep 29, 2016 12:52 PM by rejeb01

    Anyone tested on iOS 10?

    nialle87056827 Level 1

      I've been trying to run my phonegap app on iOS 10 and it takes forever to do anything and then the locally stored images aren't shown.

       

      Wondering if its just me?

        • 1. Re: Anyone tested on iOS 10?
          nialle87056827 Level 1

          Just managed to get to debugging (after installing the beta of xcode and then fighting with gapDebug not showing logs forever - then remembered I could see the logs in safari).

           

          So I get this message when the app starts

           

          Refused to load gap://ready because it appears in neither the child-src directive nor the default-src directive of the Content Security Policy.

           

          I remember having to fight with the content security policy for android, but not sure about where to put the gap://ready to solve this.

           

          Any ideas?

          • 2. Re: Anyone tested on iOS 10?
            nialle87056827 Level 1

            Panic over, got it working.

             

            Just needed to add gap://ready and also file: to my Content-Security-Policy for the default source

             

            <meta http-equiv="Content-Security-Policy" content="default-src * gap://ready file:; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *">  

             

            Hope this doesn't hit anyone else who doesn't update their app before iOS 10 is released.

            • 3. Re: Anyone tested on iOS 10?
              rejeb01 Level 1

              I'm in IOS 10.0.2

              when I try to inspect my app with safari my app crash and I have this error : Message from debugger: Terminated due to memory issue

              I execute the same code but in android I have this error

              cordova.js:978 GET gap://ready net::ERR_UNKNOWN_URL_SCHEMEpokeNative @ cordova.js:978(anonymous function) @ cordova.js:996

              data:text/html,chromewebdata:1 Mixed Content: The page at 'https://mydomaine.net' was loaded over HTTPS, but requested an insecure resource 'gap://ready'. This content should also be served over HTTPS.

              any idea ?

              • 4. Re: Anyone tested on iOS 10?
                nialle87056827 Level 1

                As my reply above mentions you need to add this to your index.html, or atleast the gap://ready to whatever is there.

                 

                <meta http-equiv="Content-Security-Policy" content="default-src * gap://ready file:; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *"> 

                • 5. Re: Anyone tested on iOS 10?
                  rejeb01 Level 1

                  I tried this content security

                  ⟨meta http-equiv="Content-Security-Policy" content="default-src 'self' data: cdvfile://* gap: https://ssl.gstatic.com https://*  http://*   'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; script-src https://*  'self' 'unsafe-inline' 'unsafe-eval'; media-src *"⟩Android error is :

                  Mixed Content: The page at 'https://mydomaine.net' was loaded over HTTPS, but requested an insecure resource 'gap://ready'. This content should also be served over HTTPS.

                   

                  with this content security

                  ⟨meta http-equiv="Content-Security-Policy" content="default-src 'self' data: cdvfile://* gap://ready https://ssl.gstatic.com https://*  http://*   'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; script-src https://*  'self' 'unsafe-inline' 'unsafe-eval'; media-src *"⟩android error is :

                  cordova.js:983 Refused to frame 'gap://ready' because it violates the following Content Security Policy directive: "default-src 'self' data: cdvfile://* gap://ready https://ssl.gstatic.com https://* http://* 'unsafe-eval' 'unsafe-inline'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.

                   

                  Your solution don't work form me

                   

                  my problem is loading external https URL inside my webview. I think is impossible because no external URL is allowed.

                  my config.xml

                  ...

                  <content src="https://mydomaine.net" />

                      <plugin name="cordova-plugin-whitelist" spec="1" />

                      <access origin="*" subdomains="true" />

                      <allow-intent href="http://*/*" />

                      <allow-intent href="https://*/*" subdomains="true" />

                      <allow-intent href="tel:*" />

                      <allow-intent href="sms:*" />

                      <allow-intent href="mailto:*" />

                      <allow-intent href="geo:*" />

                      <allow-navigation href="http://*/*" />

                      <allow-navigation href="https://*/*" subdomains="true" />

                      <allow-navigation href="data:*" />

                      <allow-navigation href="*" />

                      <allow-navigation href="*://*/*"/>

                      <access origin="http://*/*" />

                      <access origin="https://*/*" subdomains="true" />

                      <access origin="content:///*" />

                      <access origin="cdvfile://*" />

                  ...

                   

                  cordova-plugin-whitelist/README.md at master · apache/cordova-plugin-whitelist · GitHub

                  Intent Whitelist

                  Contrôle quels URL l'app n'est autorisé à poser le système d'ouverture. Par défaut, aucun external URL est autorisés.

                  top-phonegap-mistakes/whitelist-matrix.md at master · jessemonroy650/top-phonegap-mistakes · GitHub

                  5. allow-intent

                  Controls which URLs the app is allowed to ask the *system* to open. By default, no external URLs are allowed.

                  Any ideas ?

                  • 6. Re: Anyone tested on iOS 10?
                    kerrishotts Adobe Community Professional

                    It seems to me that you're trying to load an external resource into your web view, and then trying to use local device functionality somehow. Don't do that. There's many reasons to avoid doing so, but you're running into one in particular: you're now on an https origin, and that severely restricts what the web view will allow. On iOS with UIWebView, gap:// is the URI scheme used for communication between web and native, but because you're on https://, gap:// isn't going to be allowed (insecure).

                     

                    Bring your UI code local to the device, and things like this become a lot simpler because you'll be running from a local file which doesn't have the same restrictions.

                     

                    Finally: Apple will absolutely reject an app that wraps an external website.

                    • 7. Re: Anyone tested on iOS 10?
                      rejeb01 Level 1

                      Thanks for your answer,

                      I tried to load cordova.js from local but doesn't work.

                      <script src="cdvfile://localhost/bundle/www/cordova.js" /> 

                      could you give me more details about your idea "Bring your UI code local to the device, and things like this become a lot simpler because you'll be running from a local file which doesn't have the same restrictions."

                      Thanks in advance.