Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v3] Cors problems when using images with file URI from the Camera plugin and with Cropper.js #258

Closed
peterpeterparker opened this issue Jan 8, 2019 · 6 comments · Fixed by #270
Closed

[v3] Cors problems when using images with file URI from the Camera plugin and with Cropper.js #258

peterpeterparker opened this issue Jan 8, 2019 · 6 comments · Fixed by #270
Labels
released

Comments

@peterpeterparker
Copy link

peterpeterparker commented Jan 8, 2019
edited
Loading

Ionic version:

Ionic-Angular v4-RC
Ionic-Native v5.0.0-beta.21

Current behavior:
I try to migrate from v2.3.1 to v3.0.0 and face problems when I use the camera plugin an try to take or upload an image from the gallery respectively I'm not able to display any images from that source anymore

I followed the migration's guide (no custom property, use convertFileSrc and allow-navigation set to *) and furthermore added app-file: to my csp rules img-src and connect-src

I face the two following errors:

  1. When I parse the result of the camera to an image tag, I get the following csp error
Refused to load unsafe:app-file:///Users/...-790013700987/tmp/cdv_photo_002.jpg because it does not appear in the img-src directive of the Content Security Policy.
  1. When I parse the result of the camera in Cropper.js library (https://github.com/fengyuanchen/cropperjs) I get the following error:
Cross origin requests are only supported for HTTP.
XMLHttpRequest cannot load app-file:///Users...08DAB8373B8F/tmp/cdv_photo_003.jpg due to access control checks.

I tried to set cross-origin: "anonymous" as attribute to all <img/> but it didn't helped

Expected behavior:
As with v2.3.1, I want to be able to use this stack in order to display and manipulate images in my app

Related code:

Camera code: https://github.com/fluster/fluster-app/tree/master/src/app/modals/core/photo-picker

CSP: https://github.com/fluster/fluster-app/blob/master/src/index.html

Config.xml: https://github.com/fluster/fluster-app/blob/master/config.xml

Demo repo

The 2nd problem could be reproduced with the following simple demo repo: https://github.com/peterpeterparker/ionic-webview-camera-cropperjs
@peterpeterparker peterpeterparker mentioned this issue Jan 8, 2019
Closed
@peterpeterparker
Copy link
Author

peterpeterparker commented Jan 8, 2019
edited
Loading

  1. The "Refused to load unsafe:" error could be solved, if using Angular, while using the DomSanitizer

For example:

import {DomSanitizer, SafeUrl} from '@angular/platform-browser';

constructor(private sanitizer: DomSanitizer) {
}

sanitize(url: string): SafeUrl {
     return this.sanitizer.bypassSecurityTrustUrl(url);
}

<img [src]="sanitize(imgURI)"/>

@peterpeterparker
Copy link
Author

I have put together a simple demo repo to reproduce the above 2nd error: https://github.com/peterpeterparker/ionic-webview-camera-cropperjs

The error doesn't occurs with Webview v2.3.1 respectively in my app in store but does occurs with Webview v3.0.0

The problem occurs at the following line of Cropper.js when the library try to load the image while using xhr: https://github.com/fengyuanchen/cropperjs/blob/6759d59e288b22095d91656f0868b6a676f638bd/src/js/cropper.js#L162

@peterpeterparker peterpeterparker changed the title [v3] Cors problems when using images with file URI (from the Camera plugin) [v3] Cors problems when using images with file URI from the Camera plugin and with Cropper.js Jan 9, 2019
@pengkobe
Copy link

hello. is there any updates?

@Bramzor
Copy link

Bramzor commented Jan 13, 2019

Problem is that on v3.0.0 the webserver is disabled and even in v2.3.1 with the security alert it tells you to disable the webserver. Does it help to whitelist app-file in config.xml?

jcesarmobile added a commit to jcesarmobile/cordova-plugin-ionic-webview that referenced this issue Jan 14, 2019
@jcesarmobile
fix: Use a single scheme for all files
75d22e6 
Use ionic:// for app assets and local files instead of having multiple schemes based on the file
type

fix ionic-team#258
jcesarmobile added a commit to jcesarmobile/cordova-plugin-ionic-webview that referenced this issue Jan 14, 2019
@jcesarmobile
fix: Use a single scheme for all files
3e05cce 
Use ionic:// for app assets and local files instead of having multiple schemes based on the file
type

fix ionic-team#258
jcesarmobile added a commit to jcesarmobile/cordova-plugin-ionic-webview that referenced this issue Jan 14, 2019
@jcesarmobile
fix: Use a single scheme for all files
0ac1e37 
Use ionic:// for app assets and local files instead of having multiple schemes based on the file
type

fix ionic-team#258
jcesarmobile added a commit to jcesarmobile/cordova-plugin-ionic-webview that referenced this issue Jan 14, 2019
@jcesarmobile
fix: Use a single scheme for all files
f8e893b 
Use ionic:// for app assets and local files instead of having multiple schemes based on the file
type

fix ionic-team#258
@jcesarmobile jcesarmobile mentioned this issue Jan 14, 2019
Merged
mlynch pushed a commit that referenced this issue Jan 16, 2019
@jcesarmobile @mlynch
fix: Use a single scheme for all files (#270)
3d1bcdd 
Use ionic:// for app assets and local files instead of having multiple schemes based on the file
type

fix #258
Ionitron added a commit that referenced this issue Jan 17, 2019
@Ionitron
chore(release): 3.1.0 [skip ci]
3d36a3c 
# [3.1.0](v3.0.0...v3.1.0) (2019-01-17)

### Bug Fixes

* **ios:** Fix video playback of files with uppercase extension ([#264](#264)) ([2c4b225](2c4b225)), closes [#260](#260)
* Set engines to require Cordova CLI 7.1.0 or newer ([#276](#276)) ([40f42e1](40f42e1)), closes [#263](#263)
* Use a single scheme for all files ([#270](#270)) ([3d1bcdd](3d1bcdd)), closes [#258](#258)

### Features

* **Android:** Make app Scheme configurable with a preference ([#274](#274)) ([18d9f2c](18d9f2c)), closes [#269](#269) [#255](#255)
@Ionitron
Copy link
Collaborator

🎉 This issue has been resolved in version 3.1.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@azad47808
Copy link

I have the same problem in the ionic 4 project.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Use a single scheme for all files jcesarmobile/cordova-plugin-ionic-webview
5 participants
@Bramzor @Ionitron @pengkobe @peterpeterparker @azad47808