[jira] [Updated] (CB-11341) Camera affected by CSP

["Tim (JIRA)" <ji...@apache.org>]

     [ https://issues.apache.org/jira/browse/CB-11341?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tim updated CB-11341:
---------------------
    Summary: Camera affected by CSP  (was: Camera depends on CSP)

> Camera affected by CSP
> ----------------------
>
>                 Key: CB-11341
>                 URL: https://issues.apache.org/jira/browse/CB-11341
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Plugin Camera
>    Affects Versions: 2.2.0
>         Environment: iOS 8.4 - iPhone 4S
>            Reporter: Tim
>            Priority: Minor
>              Labels: iOS, triaged
>
> When "Content-Security-Policy:" directive is missing from the content attribute
> <meta http-equiv="Content-Security-Policy" content=" default-src: 'none'" />
> This causes the Camera plugin not to work properly. Only when the iOS app is suspended and resumed will the Camera access alert work. Could mean there's a security risk to CSP if an iOS app is suspended and resumed.
> <meta http-equiv="Content-Security-Policy" content="Content-Security-Policy: default-src: 'none'" />
> attribute is removed from the Content Security Policy meta tag in index.html. Only when the iOS app is suspended and resumed will the Camera access alert be displayed.
> How to reproduce:
> 1. Install camera plugin 2.2.0
> > cordova plugin add cordova-plugin-camera
> 2. Remove "media-src" from Content Security Policy meta tag in index.html
> 3. Build iOS
> > cordova platform add ios
> 4. The camera access alert won't display when the app loads
> 5. Suspend the camera app using the home button. Return to the app. The camera access alert will now display.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org