Content Security Policy not work


Ahmad Ganjtabesh

Nov 25, 2015, 11:13:47 AM
to phonegap
Hi there,
I have updated PhoneGap to version 5.3.8, Cordova to 5.4.0, npm to 3.3.12, and Node to 5.1.0, and now I have a problem with CSP!
I built an app that connects to socket.io and transceives some data.
Before the update everything worked like a charm, but now the app cannot connect to the socket server (my laptop).

My config.xml includes:
<access origin="*" />
<allow-intent href="*" />



My index.html also includes:
<meta http-equiv="Content-Security-Policy" content="default-src *; connect-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">



And app.js (server) also includes:
var cors = require('cors');
app.use(cors({
    origin: '*',
    credentials: true
}));
app.use(function (req, res, next) {
    res.header("Access-Control-Allow-Origin", "*");
    res.header("Access-Control-Allow-Headers", "Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With");
    res.header("Access-Control-Allow-Methods", "GET, PUT, POST");
    if ('OPTIONS' === req.method) {
        res.status(204).send();
    }
    else {
        next();
    }
});

Please help!

Steve Sobol - Lobos Studios

Nov 25, 2015, 12:49:26 PM
to phon...@googlegroups.com
Are you using Angular (or Ionic Framework, which includes Angular)?

Ahmad Ganjtabesh

Nov 25, 2015, 12:54:36 PM
to phonegap
No, I use Framework7 and its DOM.
I think it doesn't matter, because I use socket.io for this.
Ajax requests work without any problem, but the socket can't connect.
Thank you

Jesse Monroy

Nov 25, 2015, 4:50:36 PM
to phonegap
@Ahmad,
This has nothing to do with Content Security Policy.
You need to do more reading, because your terms are incorrect.
There are now four (4) working security parts to every app (after 5.0.0).
You included three (3).

READ HOW TO apply the Cordova/Phonegap the whitelist system
and when you have time
READ Top Mistakes by Developers new to Cordova/Phonegap

Add the following to your config.xml
    <allow-navigation href="*" />
    <allow-intent href="*" />
   
<access origin="*" /> <!-- Required for iOS9 -->

You are missing
    <allow-navigation href="*" />

If you still have problems, let us know.

Best of Luck
Jesse


Kerri Shotts

Nov 26, 2015, 1:52:08 AM
to phonegap
How do you _know_ your app can't connect? Are you getting error messages logged to the console? Any that indicate your CSP is being violated? Also, what platform(s) are you developing for?

Ahmad Ganjtabesh

Nov 26, 2015, 2:47:48 AM
to phonegap
@Jesse, I added it but it does not work!
@Kerri, when I open the project in a browser, Node.js logs a new connection, but in the mobile app it does not!
I develop it for Android.

Ahmad Ganjtabesh

Nov 26, 2015, 7:44:56 AM
to phonegap
I created a new, fresh PhoneGap project and finally it works!
Thanks all


Jesse Monroy

Nov 27, 2015, 4:28:43 PM
to phonegap
Do you know what changed, if anything? This would be useful to other persons
with similar problems in the future.

TIA
Jesse

Ahmad Ganjtabesh

Nov 27, 2015, 5:52:31 PM
to phonegap
No! It wasted at least 1 day of my time, and I tested everything you can think of, but I couldn't find the problem!
I think it is probably due to the PhoneGap and Cordova versions, because my previous version was very old, from about 1 year ago, and those definitely changed during this time! So when I created a new fresh app with PhoneGap, everything worked like a charm!
It's like restarting the OS, which is common for Windows users to fix some (certain) problems ;)

Thanks all

Jesse Monroy

Nov 28, 2015, 1:33:32 AM
to phonegap
@Ahmad,

One likelihood is the movement of the plugins. There is a self-serving policy for plugins in place.
This means if you are working with plugins that do not have version numbers, then it is possible you
will have (for a short time) an experimental plugin and never know - unless you explicitly check on it.

For App developers, the policy for plugins is, if you do not set the version number, you will get the latest version.
  • In Phonegap Build, this causes untold number of issues.
  • With Cordova/Phonegap CLI, most developers don't know until they encounter the bug (or issue).

To be clear on this last point, Plugin developers can (without  general announcement) change the plugin as long as they up the version. Usually, this does not problems.


The best thing to do is make sure all your plugins have a version number. This way, once you have a version working, you can make sure it is there the next time.

Jesse
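
The advice in the post above (give every plugin a version number) can be checked mechanically. This is an added example, not part of the original thread: a Node.js function that lists plugins in a config.xml that have no version or a non-exact one. The sample config.xml, the function names and the issue labels are constructed for illustration, and it assumes plugins are declared as `<plugin name spec>` or `<gap:plugin name version>` elements.

```javascript
// Added example (not from the thread): list plugins in a Cordova/PhoneGap
// config.xml that have no version or a non-exact one.
// SAMPLE_CONFIG is constructed for illustration.
const SAMPLE_CONFIG = `<?xml version="1.0" encoding="UTF-8"?>
<widget id="com.example.app" version="1.0.0" xmlns:gap="http://phonegap.com/ns/1.0">
  <plugin name="cordova-plugin-whitelist" spec="1.0.0" />
  <plugin name="cordova-plugin-device" />
  <plugin name="cordova-plugin-network-information" spec="~1.0.1" />
  <gap:plugin name="cordova-plugin-console" version="1.0.1" />
  <plugin name="cordova-plugin-camera" spec="latest" />
  <!-- <plugin name="cordova-plugin-disabled" /> -->
</widget>`;

// Exact pin: a plain semver version such as 1.0.0 or 1.2.3-beta.1.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Read one attribute value from a single start tag, or null if absent.
function attr(tag, name) {
  const m = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)')`).exec(tag);
  return m ? (m[1] !== undefined ? m[1] : m[2]) : null;
}

// Returns [{ name, spec, issue }] for every plugin that is not pinned exactly.
function auditPlugins(xml) {
  const findings = [];
  const live = xml.replace(/<!--[\s\S]*?-->/g, ''); // skip commented-out tags
  for (const [tag] of live.matchAll(/<(?:gap:)?plugin\b[^>]*>/g)) {
    const name = attr(tag, 'name');
    // Cordova CLI uses spec=; older PhoneGap Build configs use version=.
    const spec = attr(tag, 'spec') ?? attr(tag, 'version');
    if (spec === null || spec.trim() === '') {
      findings.push({ name, spec: null, issue: 'unpinned' }); // resolves to latest
    } else if (!EXACT.test(spec.trim())) {
      findings.push({ name, spec, issue: 'floating' }); // range, tag, URL or path
    }
  }
  return findings;
}

// Print one line per finding for the constructed sample.
for (const f of auditPlugins(SAMPLE_CONFIG)) {
  console.log(`${f.issue.padEnd(9)} ${f.name} ${f.spec ?? '(no version)'}`);
}
```

To audit a real project, pass the contents of its config.xml to `auditPlugins` and fail the build when the returned list is not empty.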

Jesse Monroy

Nov 28, 2015, 1:40:48 AM
to phonegap
Sorry the crappy editor closed before I was done.
 
ORIGINAL
To be clear on this last point, Plugin developers can (without  general announcement) change the plugin as long as they up the version. Usually, this does not problems.

CORRECTION
To be clear on this last point, Plugin developers can (without  general announcement) change the plugin as long as they up the version. Usually, this does not cause problems. However, a recent example shows how things can go wrong.

Cordova iOS 3.9.2 was released
https://cordova.apache.org/announcements/2015/11/02/cordova-ios-3.9.2.html

Cordova iOS 3.9.0 (3.9.1) was the pinned version
https://cordova.apache.org/news/2015/09/22/tools-release.html

Cordova iOS 3.9.0 (3.9.1) was the pinned version
https://cordova.apache.org/news/2015/08/13/tools-release.html

Apache Cordova iOS 3.9.0
https://cordova.apache.org/announcements/2015/08/04/cordova-ios-3.9.0.html

As you can see, there is NO official release for 3.9.1. What happened?
A bug fix was made and put in place, but no official announcement was made.

Best of Luck
Jesse
