[ 
https://issues.apache.org/jira/browse/CB-11341?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tim updated CB-11341:
---------------------
    Description: 
When Content Security Policy is modified (e.g. default-src: 'none'), it breaks 
the camera access alert for iOS.

If the app is suspended and resumed, the camera access alert will pop-up - and 
the following warning will be reported in Xcode.

Warning: Attempt to present <CDVCameraPicker: 0x170b7600> on 
<MainViewController: 0x16d6f090> whose view is not in the window hierarchy!

However, if the iOS app is suspended and then resumed the camera access will 
display correctly; this could indicate that the Content Security Policy can be 
bypassed.

How to reproduce:
1. Install camera plugin 2.2.0
> cordova plugin add cordova-plugin-camera
2. Modify the CSP meta-tag in index.html
3. Build iOS
> cordova platform add ios
4. The camera access alert won't display when the app loads
5. Suspend the camera app using the home button. Return to the app. The camera 
access alert will now display.

Expected behavior:
The camera plugin should not be affected by the Content Security Policy. And 
"Cordova build ios" should catch poorly formatted CSP meta tags.

  was:
When "Content-Security-Policy:" directive is missing from the content 
attribute, the Camera access alert won't display. However, if the iOS app is 
suspended and then resumed the Camera access will display correctly; this could 
indicate that the Content Security Policy can be bypassed.

<meta http-equiv="Content-Security-Policy" content=" default-src: 'none'" />
Doesn't work as expected. The camera alert access is not shown.

<meta http-equiv="Content-Security-Policy" content="Content-Security-Policy: 
default-src: 'none'" />
Works as expected. The camera alert access is shown.

How to reproduce:
1. Install camera plugin 2.2.0
> cordova plugin add cordova-plugin-camera
2. Remove "Content-Security-Policy:" from the "content" attribute for Content 
Security Policy meta tag in index.html
3. Build iOS
> cordova platform add ios
4. The camera access alert won't display when the app loads
5. Suspend the camera app using the home button. Return to the app. The camera 
access alert will now display.

Expected behavior:
The camera plugin should not be affected by the Content Security Policy. And 
"Cordova build ios" should catch poorly formatted CSP meta tags.


> Camera access affected by CSP
> -----------------------------
>
>                 Key: CB-11341
>                 URL: https://issues.apache.org/jira/browse/CB-11341
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Plugin Camera
>    Affects Versions: 2.2.0
>         Environment: iOS 8.4 - iPhone 4S
>            Reporter: Tim
>            Priority: Minor
>              Labels: iOS, triaged
>



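
The expected behavior above asks for the build to catch poorly formatted CSP meta tags. The following is an added example, not Cordova's code or the reporter's, of a check that flags the two tags quoted in the issue: CSP directives are written as `name value` pairs separated by semicolons, with no colon after the directive name. The function name `lintCspMeta`, the finding codes and the directive list are assumptions made for this example.

```javascript
// Added example: lint Content-Security-Policy <meta> tags before a build.
// Directive syntax is "name value value; name value" with no colon after the name.
const KNOWN_DIRECTIVES = new Set([
  'default-src', 'script-src', 'style-src', 'img-src', 'connect-src', 'font-src',
  'object-src', 'media-src', 'frame-src', 'child-src', 'form-action', 'base-uri',
  'frame-ancestors', 'plugin-types', 'sandbox', 'report-uri',
]);

// Returns an array of { code, detail } findings; empty means nothing was flagged.
function lintCspMeta(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<meta\b[^>]*>/gi)) {
    if (!/http-equiv\s*=\s*["']?Content-Security-Policy\b/i.test(tag)) continue;
    const m = tag.match(/\scontent\s*=\s*(?:"([^"]*)"|'([^']*)')/i);
    if (!m) { findings.push({ code: 'missing-content', detail: tag }); continue; }
    for (const raw of (m[1] ?? m[2]).split(';')) {
      const tokens = raw.trim().split(/\s+/).filter(Boolean);
      if (tokens.length && tokens[0].toLowerCase() === 'content-security-policy:') {
        // The header name belongs in http-equiv, not inside the policy string.
        findings.push({ code: 'header-name-in-content', detail: tokens.shift() });
      }
      if (tokens.length === 0) continue;
      const name = tokens[0].toLowerCase();
      if (name.endsWith(':')) {
        findings.push({ code: 'colon-after-directive', detail: tokens[0] });
      } else if (!KNOWN_DIRECTIVES.has(name)) {
        findings.push({ code: 'unknown-directive', detail: tokens[0] });
      }
    }
  }
  return findings;
}

// The two tags quoted in the issue, plus a well-formed one constructed for comparison.
const TAG_FROM_ISSUE_1 =
  `<meta http-equiv="Content-Security-Policy" content=" default-src: 'none'" />`;
const TAG_FROM_ISSUE_2 =
  `<meta http-equiv="Content-Security-Policy" content="Content-Security-Policy: \ndefault-src: 'none'" />`;
const TAG_WELL_FORMED =
  `<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src 'self' data:">`;

for (const tag of [TAG_FROM_ISSUE_1, TAG_FROM_ISSUE_2, TAG_WELL_FORMED]) {
  console.log(lintCspMeta(tag).map((f) => f.code));
}
```

A non-empty result for `index.html` can be used to fail the build before the app is packaged.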