You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by GitBox <gi...@apache.org> on 2019/03/02 23:18:31 UTC

[GitHub] guylando opened a new issue #561: gap://ready documentation missing + mixed content policy is blocking loading local files into https page loaded into the webview

guylando opened a new issue #561: gap://ready documentation missing + mixed content policy is blocking loading local files into https page loaded into the webview
URL: https://github.com/apache/cordova-ios/issues/561
 
 
   Steps to reproduce:
   1. Navigate the webview to https://anysite.com using:
   `window.location.replace('https://anysite.com');` after device ready event.
   2. In the remote site try to load local js file using file://... or using file plugin cdvfile://....
   
   Will get the error:
   "[blocked] ...was not allowed to run insecure content.."
   
   On android there is a way to configure the webview to prevent mixed content policy errors, any solution for ios?
   
   This is mixed content policy error and not App transport security or csp error so modifying them does not help.
   
   What I can't find documentation about and dont understand is how the gap://ready iframe used by cordova-ios does not get blocked by the mixed content policy?! I understood that this iframe is used for the communication with the native side, where is the documentation about it? did you register gap as a custom scheme and are handling the url? How did it bypass the mixed content policy? because if I copy cordova.js and other scripts to remote site and load them then cordova works and the gap://ready iframe works without mixed content policy errors.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org