erisu commented on a change in pull request #70: URL: https://github.com/apache/cordova-plugin-device-motion/pull/70#discussion_r476464366
########## File path: README.md ########## @@ -27,12 +27,172 @@ description: Access accelerometer data. # cordova-plugin-device-motion +# Usage Notice + +With the [W3C Device Orientation API](https://www.w3.org/TR/orientation-event/), Android, iOS, and Windows devices may not need this plugin anymore. + +However, for iOS 13+, a [secure context](https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts) is required. Apple does not allow access to the device’s motion or the permission request from an insecure browsing context. + +If you use a custom scheme, i.e., the `app` protocol, for your iOS app, the browsing context is considered insecure. To solve this problem and be able to use the device motion feature, this plugin will be necessary on iOS 13+. Review comment: > Locally-delivered resources such as those with http://127.0.0.1 URLs, http://localhost URLs (under certain conditions), and file:// URLs are also considered to have been delivered securely. > > Resources that are not local, to be considered secure, must meet the following criteria: > > * must be served over https:// or wss:// URLs > * the security properties of the network channel used to deliver the resource must not be considered deprecated Maybe it is the `localhost` that is bypassing the Secure Context. If you ask Apple, I am sure they will claim that as a bug and will include the scheme as part of the check. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
