Adobe PhoneGap - iOS app not loading until swipe up for Control Center
41 views
Skip to first unread message
Stephen Smith
Jun 7, 2017, 12:43:24 PM6/7/17
to phonegap
I am using Adobe PhoneGap with Cordova cli-6.5.0 and Apple install in a development mode. On an iPad 2 (iOS 9.3.5) the app works correctly on launch, but on an iPhone SE and an iPhone 7 both running current iOS 10.3.2 the app will not launch until I swipe up and bring the Control Center up. Not sure if it is an iOS version issue or device issue.
Same bug occurs whether the app is in Airplane mode for offline page or online to begin the app. My guess is onDeviceReady is not responding on the iPhone test until the Control Center is brought up.
Any suggestions?
Same bug occurs whether the app is in Airplane mode for offline page or online to begin the app. My guess is onDeviceReady is not responding on the iPhone test until the Control Center is brought up.
Any suggestions?
Kerri Shotts
Jun 7, 2017, 1:47:22 PM6/7/17
to phonegap
See response here:
Mohammad Abid
Jun 9, 2017, 6:25:32 AM6/9/17
to phonegap
Hi Kerri,
We have added Content-Security-Policy tag in index.html as per your suggestion, But still unable to get https request. Simply our Terms&Condition is on web page but App is not able to open this web page in IOS 10.3.2. In Older version it was working fine.Please suggest?.
K.
Jul 21, 2017, 10:50:53 AM7/21/17
to phonegap
Hi Mohammad,
Hope you figured this out. I am new to the CSP stuff but I did read that if you want a specific link to open, then in the .html file where it is to load, you have to embed <meta> tag with the Content-Security-Policy header (not sure if case sensitive) to read something like
Mind you, I am only 1 day old in my awareness of CSP and how to use it, but I believe you have to have the CSP meta tag on generally every html page (see source note 5 reference) & to be safe you should include default-src 'self' to catch any unset rule.
"Note: Whitelist cannot block network redirects from a whitelisted remote website (i.e. http or https) to a non-whitelisted website. Use CSP rules to mitigate redirects to non-whitelisted websites for webviews that support CSP." -- github (see URL sources 2 below)
Somewhere I read you should have both whitelist in your config and in the CSP in your HTML, otherwise you are still technically vulnerable to XSS.
Hope this helps and not confuses because my eyes are rolling w/all this info. LOL
sources:
1. https://github.com/jessemonroy650/top-phonegap-mistakes/blob/master/the-whitelist-system.md
2. https://github.com/apache/cordova-plugin-whitelist/blob/master/README.md
3. https://content-security-policy.com/
4. https://www.w3.org/TR/CSP2/#content-security-policy-header-field
5. https://github.com/jessemonroy650/top-phonegap-mistakes/blob/master/whitelist-csp-examples.md
6. https://www.html5rocks.com/en/tutorials/security/content-security-policy/
Hope you figured this out. I am new to the CSP stuff but I did read that if you want a specific link to open, then in the .html file where it is to load, you have to embed <meta> tag with the Content-Security-Policy header (not sure if case sensitive) to read something like
<meta http-equiv="Content-Security-Policy" content="default-src http://www.yourdomain.com; " >github (see URL sources 2 below)
If you use UIWebView in your config.xml file, I believe, then for iOS development, you have to use gap: with the web url --
Mind you, I am only 1 day old in my awareness of CSP and how to use it, but I believe you have to have the CSP meta tag on generally every html page (see source note 5 reference) & to be safe you should include default-src 'self' to catch any unset rule.
"Note: Whitelist cannot block network redirects from a whitelisted remote website (i.e. http or https) to a non-whitelisted website. Use CSP rules to mitigate redirects to non-whitelisted websites for webviews that support CSP." -- github (see URL sources 2 below)
Somewhere I read you should have both whitelist in your config and in the CSP in your HTML, otherwise you are still technically vulnerable to XSS.
Hope this helps and not confuses because my eyes are rolling w/all this info. LOL
sources:
1. https://github.com/jessemonroy650/top-phonegap-mistakes/blob/master/the-whitelist-system.md
2. https://github.com/apache/cordova-plugin-whitelist/blob/master/README.md
3. https://content-security-policy.com/
4. https://www.w3.org/TR/CSP2/#content-security-policy-header-field
5. https://github.com/jessemonroy650/top-phonegap-mistakes/blob/master/whitelist-csp-examples.md
6. https://www.html5rocks.com/en/tutorials/security/content-security-policy/
Reply all
Reply to author
Forward
0 new messages