[GitHub] guylando opened a new issue #295: Mixed content forbids to load cdvfile:// from remote https page

[GitBox <gi...@apache.org>]

guylando opened a new issue #295: Mixed content forbids to load cdvfile:// from remote https page
URL: https://github.com/apache/cordova-plugin-file/issues/295
 
 
   This plugin is supposed to allow to load images via:
   <img src="cdvfile://localhost/assets/www/images/img.svg" />
   on android
   <img src="cdvfile://localhost/bundle/www/images/img.svg" />
   on ios,
   if the csp tag has cdvfiile://* whitelisted for img-src.
   
   However when using this from a remotely https loaded page its considered "mixed content" and ios warns about it but android totally blocks it with the error:
   
   Mixed Content: The page at 'https://www.site.com' was loaded over HTTPS, but requested an insecure image 'cdvfile://localhost/assets/www/images/img.svg'. This request has been blocked; the content must be served over HTTPS.
   
   Is there any way to bypass this using some config.xml whitelisting tags?
   allow-intent and allow-navigation tags have anything to do with this?
   
   I had the following in config.xml:
   <access origin="*" />
   <access origin="cdvfile://*" />
   
   Or is cdvfile not supported for https loaded remote pages? In that case I suggest to write a note about this in the cdvfile documentation which currently says nothing about it.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org