科尔多瓦 - 插件白名单在Android上工作,但没有的iOS(PhoneGap的生成) [英] cordova-plugin-whitelist working on Android but not iOS (Phonegap Build)
问题描述
我工作的一个JavaScript的应用程序包在科尔多瓦和内置的PhoneGap构建。我们包括科尔多瓦-插件白名单从我们构建NPM并增加<获得原产=*/> 我们config.xml和开放的CSP(< META HTTP-EQUIV =内容安全性政策的内容=默认的src *;花柱-src的'自我''不安全-inline';脚本的src'自我''不安全的内联'不安全-EVAL'> 在我们的index.html)。该应用程序工作正常Android和会谈,我们的服务器没有问题,但在iOS上的所有请求,如果白名单插件不会通过让交通立即失败。
I'm working on a JavaScript app wrapped in Cordova and built with Phonegap Build. We're including cordova-plugin-whitelist from npm in our build and have added <access origin="*" /> to our config.xml and an open CSP (<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">) in our index.html. The app works fine on Android and talks to our server without issues, but on iOS all requests fail immediately as if the whitelist plugin isn't letting traffic through.
我已经尝试了许多不同的生成配置的情况下,打破了东西在科尔多瓦的特定版本,但一直没能得到这个在所有的工作。我有一个类似的问题与其他的PhoneGap /科尔多瓦的应用程式在过去,但能与白名单插件/ CSP /访问规则来解决它。
I've tried a number of different build configurations in case something broke in a particular version of Cordova, but haven't been able to get this to work at all. I've had a similar issue with other Phonegap/Cordova apps in the past but was able to solve it with the whitelist plugin/CSP/access rule.
这个问题也一直很难调试,因为Safari开发工具将无法连接到iOS设备和我有提醒我看到的响应。它看起来像回来的反应状态code 0和一个空的身体,我假设只是表示不可达。
This issue has also been difficult to debug since the Safari Developer Tools won't connect to the iOS device and I'm having to alert the responses I'm seeing. It looks like the response coming back has a status code 0 and an empty body, which I'm assuming just means unreachable.
推荐答案
您可能需要设置连接-SRC在内容安全性策略,例如:
You may well need to set the connect-src in your Content-Security-Policy, for example:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; connect-src http://YOUR_HOST">
此外,对于X code 7/9的iOS则需要调整ATS设置,以允许非HTTPS连接后端,如果你没有使用SSL:
Additionally for Xcode 7 / iOS 9 you will need to adjust the ATS settings to allow connections to non https backends if you aren't using SSL:
下面是改变你的应用程序的信息的.plist工作的例子:
Here's a working example of the change to your app's info .plist:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
(注意:您也可以配置此有选择地允许非HTTPS连接)。
(Note you can also configure this to selectively allow non https connections).
和下面的脚本,你可以为pre构建钩使用的iOS做到这一点自动:
And here's a script you could use as a pre build hook for iOS to do this automatically:
#!/bin/bash
echo "Adjusting plist for App Transport Security exception."
val=$(/usr/libexec/plistbuddy -c "add NSAppTransportSecurity:NSAllowsArbitraryLoads bool true" platforms/ios/PROJECTNAME/PROJECTNAME-Info.plist 2>/dev/null) echo "Done"
刚换出PROJECTNAME为您的项目的名称。
Just swap out PROJECTNAME for the name of your project.
这篇关于科尔多瓦 - 插件白名单在Android上工作,但没有的iOS(PhoneGap的生成)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
