iOS 10 compatibility

This has been working correctly, but now I’m receiving this error:

=> Errors executing Cordova commands:

While adding plugin https://github.com/meteor/cordova-plugin-meteor-webapp.git#8bf95eed3f313299fc2de33658866278eea2cdc5 to Cordova project:
Cordova error: Failed to fetch plugin https://github.com/meteor/cordova-plugin-meteor-webapp.git via git.
Either there is a connection problems, or plugin spec is incorrect:
Error: git: Command failed with exit code 128 Error output:
fatal: reference is not a tree: 8bf95eed3f313299fc2de33658866278eea2cdc5

Is there anything to change? Thanks for your help.

I cloned the whole repo locally, there is no longer a separate tree for Swift3.

@ramez
What should we do to get rid of that error and still be able to work with Swift3 till few days ago?
Thanks

I think what you need is this meteor add cordova:cordova-plugin-meteor-webapp@1.4.1

In my case I compile with meteor twice. First time I get swift errors when building,second time they do away. Don’t yet know why.

That worked, thank you.

I’m running into this issue as well but not with Cordova. Just a standard web app.

I’ve tried the following versions:

default-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval' ws://* wss://*;
default-src * 'self' data: blob: gap: 'unsafe-inline' 'unsafe-eval' ws://* wss://*;
default-src * data: blob: 'unsafe-inline' 'unsafe-eval' ws: wss:;
default-src * data: blob: 'unsafe-inline' 'unsafe-eval';
default-src * data: blob: gap: 'unsafe-inline' 'unsafe-eval' ws: wss:;
default-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval' http://192.168.0.4:* wss://192.168.0.4:* ws://192.168.0.4:* ws://* wss://*;
default-src * 'self' data: blob: gap: 'unsafe-inline' 'unsafe-eval' http://192.168.0.4:* wss://192.168.0.4:* ws://192.168.0.4:* ws://* ws://* wss://*;
default-src * data: blob: 'unsafe-inline' 'unsafe-eval' http://192.168.0.4:* wss://192.168.0.4:* ws://192.168.0.4:* ws: wss:;
default-src * data: blob: 'unsafe-inline' 'unsafe-eval' http://192.168.0.4:* wss://192.168.0.4:* ws://192.168.0.4:*;
default-src * data: blob: gap: 'unsafe-inline' 'unsafe-eval' http://192.168.0.4:* wss://192.168.0.4:* ws://192.168.0.4:* ws: wss:;

And boilerplate-generator is at version 1.0.10.

But, testing locally, I’m still getting:

[Error] Refused to connect to ws://192.168.0.4:3000/sockjs/540/cnepflb6/websocket because it does not appear in the connect-src directive of the Content Security Policy.

Anyone have any other ideas? This is pretty vexing.

P.S. I suspect this is also causing Meteor to fallback to XHR and loading things much more slowly. But not 100% certain of that.

Did you override the CSP in boilerplate-html? If you just add it after, I noticed it gets ignored.

Hmmm. No. I did not. Let me try that.

The logic is unclear to me though. The latest devel branch of boilerplate-pack does not add this CSP tag to the header for web boilerplate, only for Cordova. But some of the comments here (https://github.com/meteor/meteor/issues/7772) imply that previous version, but now not iOS 10, would apply the Cordova CSP in the WKWebView. So I’m not sure if the change should be made to:

https://github.com/meteor/meteor/blob/devel/packages/boilerplate-generator/boilerplate_web.browser.html

or

https://github.com/meteor/meteor/blob/devel/packages/boilerplate-generator/boilerplate_web.cordova.html

Okay. More info: This is a problem in Safari whether launched from a home screen icon or through the Safari app.

What’s more…the meta tag is there in the final HTML file on the device.

I’m planning to try the following from here (https://github.com/meteor/meteor/issues/7772):

meteor update --release 1.4.2-beta.4

(or maybe meteor update --release 1.4.2-beta.13)

But I’m skeptical.

UPDATE: Neither 1.4.2-beta.4 or 1.4.2-beta.13 resolve this problem for me.

Can or should this be set through BrowserPolicy instead for a straight (non-Cordova) web app?

Sorry @ccuilla, you’re right, the CSP meta tag is only set for Cordova.

Should it be set for both? Seems so. That said, when I set it manually, and it gets down to the browser, it still doesn’t seem to work. I’m wondering if we’re dealing with a Safari issue more than a Meteor issue.

Has anyone considered whether this is a Safari (more specifically WebKit) bug?

I still have the problem that user login fails if the app has been started for the very first time on iOS. Everything else (like publications or methods) is working. But after entering user credentials and clicking on the login button, nothing happens. There is no clue about any issue in the logs, neither in the Safari log nor in the Xcode log. The login just fails, and the login dialog stays in the logging-in mode.

If I close the app right after the first start and re-open it, the login usually works. It also sometimes works if I click around in the app before trying to login. But if I try to login directly after the very first startup, login fails. I am using useraccounts:bootstrap.

Any idea what’s going on here?

I found an npm package, meteor-ios10-csp-fix which solved the meta tag issue for me when editing it manually didn’t seem to work. Quick and easy

I see a lot of people having this problem with a Cordova app (and presenting solutions for that).

Who is having this problem with a non-Cordova web app? Have you solved it? How?

BrowserPolicy.content.allowConnectOrigin('https://yourdomain');
BrowserPolicy.content.allowConnectOrigin('ws://yourdomain');
BrowserPolicy.content.allowConnectOrigin('wss://yourdomain');

I’ve run into this issue where the Facebook App webview loads our app… without the CSP fix added to the webapp, we run into the same wss issue as the ios10 cordova app.

If there is a reason to not add the CSP header to the webapp, I’d love to hear it

I’ve run into this issue where the Facebook App webview loads our app… without the CSP fix added to the webapp, we run into the same wss issue as the ios10 cordova app.

I’m guessing these are all the same issue at the core. Basically iOS 10 updated WKWebView to be more secure and require the CSP in this case where it might have been a bit more permissive in the past. _And…_things like Cordova, FB App web view, Chrome, Safari, launching from homescreen (basically a special web bookmark) are all using the same WKWebView and are all affected by this.

If there is a reason to not add the CSP header to the webapp, I’d love to hear it

I do think the CSP header needs to be added for all, but the method of adding seems to differ. With Cordova, Meteor’s boilerplate code adds it for you. With a non-Cordova web app, you need to use BrowserPolicy:

meteor add browser-policy

(I’m at version 1.0.9)

And then somewhere (in the server code actually) during startup, do this:

BrowserPolicy.content.allowConnectOrigin('https://yourdomain');
BrowserPolicy.content.allowConnectOrigin('ws://yourdomain');
BrowserPolicy.content.allowConnectOrigin('wss://yourdomain');

You might be able to manually add this:

<meta http-equiv="Content-Security-Policy" content="default-src * gap: data: blob: 'unsafe-inline' 'unsafe-eval' ws: wss:;">

To your client/main.html under if you’re not using BrowserPolicy. I did not test that. But if you’re using BrowserPolicy, it is setting that meta tag and the one you set manually in client/main.html will be ignored (or at least that’s how it looks).

Hope this helps.

Actually I ended up getting a working implementation where React-Helmet adds the CSP to the head. Have yet to actually do it for ‘just iOS’, but it seems to work for now

@martijnwalraven
I just build a very simple app based on meteor-ionic-angular using this official whatsapp tutorial:

Upto this step:
https://angular-meteor.com/tutorials/whatsapp/meteor/meteor-server-methods

I am using the latest version of meteor i.e Meteor 1.4.2.6
Also patched using:

meteor update --patch

Now when I run my app for ios using this command:

meteor run ios-device

It opens my code in Xcode and when I run the build, it gives too many errors:

My XCode version is: 7.3.1

It works perfect for android. But for IOS I get all these errors.

Is there any workaround to fix these errors?