You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by "rejeb (JIRA)" <ji...@apache.org> on 2016/10/03 09:22:20 UTC

[jira] [Created] (CB-11944) insecure resource 'gap://ready'.

rejeb created CB-11944:
--------------------------

             Summary: insecure resource 'gap://ready'.
                 Key: CB-11944
                 URL: https://issues.apache.org/jira/browse/CB-11944
             Project: Apache Cordova
          Issue Type: Bug
         Environment: cordova 6.2.0
npm 3.10.7
node v6.4.0
            Reporter: rejeb
            Priority: Blocker


I want loading exterenal https URL inside my webview cordova.

My content security
⟨meta http-equiv="Content-Security-Policy" content="default-src 'self' data: cdvfile://* gap: https://ssl.gstatic.com https://*  http://*   'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; script-src https://*  'self' 'unsafe-inline' 'unsafe-eval'; media-src *"⟩

Android error is :
Mixed Content: The page at 'https://mydomaine.net' was loaded over HTTPS, but requested an insecure resource 'gap://ready'. This content should also be served over HTTPS.

IOS error :
Message from debugger: Terminated due to memory issue

my config.xml

<content src="https://mydomaine.net" />
    <plugin name="cordova-plugin-whitelist" spec="1" />
    <access origin="*" subdomains="true" />
    <allow-intent href="http://*/*" />
    <allow-intent href="https://*/*" subdomains="true" />
    <allow-intent href="tel:*" />
    <allow-intent href="sms:*" />
    <allow-intent href="mailto:*" />
    <allow-intent href="geo:*" />
    <allow-navigation href="http://*/*" />
    <allow-navigation href="https://*/*" subdomains="true" />
    <allow-navigation href="data:*" />
    <allow-navigation href="*" />
    <allow-navigation href="*://*/*"/>
    <access origin="http://*/*" />
    <access origin="https://*/*" subdomains="true" />
    <access origin="content:///*" />
    <access origin="cdvfile://*" />

I Want from my external url (https) inside my webview have access to my device (ex :camera, localisation, notification, etc) but in chrome://inspect/#devices they turn 404 for gap://ready (cordova.js line 978)

The same exemple with http work correctly for IOS and android.
I'm blocked and I can't finish my application because my external url is in https

any idea or solution ?





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org