Start a new topic

ios 10 content security policy issue

Hi I'm trying to get my app to run on Xamarin SDK 5.3 on ios 10.x  I'm using both geo location and image overlays.


The problem lies in the csp set for the app <meta http-equiv="Content-Security-Policy" content="default-src * gap://ready file:; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *"

 
This allows the app to run on ios 10 with location updates enabled, but it does not let image overlays to be loaded.  The javascript runs and just stops on 
this.tracker = new AR.ClientTracker("assets/HaylieBrae.wtc" , {
 onLoaded: this.worldLoaded,
 onError: this.errorLoading
 });

If I comment out
AR.context.onLocationChanged = World.locationChanged;

and remove the security policy the app runs and loads the resources without issue, just doesnt have location updates.


Thus it looks like the csp is stopping the AR from loading the assets.  How do I fix this?


BTW if I dont have the security policy in place and have the context for onLocationChanged commented in, the app crashes on ios 10.  Runs fine on ios 9


With thanks in advance


Hi Halldor,

Can you send me a screenshot of your Xamarin Studio console or a crash log file?


Did you tried to use geo AR in our component example project?


Best regards,

Andreas

Sure here you go.  


As I mentioned the app has worked fine in previous versions of ios. Im wondering whether it is due to an xcode upgrade?  I'm going to try and downgrade to either 8.1. or 7.x and recompile.


I've also attached my view controller and main wikitude js file.  

js
cs

Hi Halldor,

The log message indicates some issues with the 3d model and maybe the animation. Could you try to not create/start the model animation and let me know the result?


Best regards,

Andreas

Hi Halldor,

I'm a bit confused with what you wrote ;) You mentioned Xamarin as your development environment but `gap://ready` in the csp snippet. This gap snippet refers to a Cordova application. Is there a particular reason why you added the gap csp snippet?


iOS 9/10 require user descriptions for camera and location access. Without those descriptions given in the applications info.plist, the app will crash as soon as you use any location or camera related APIs. Can you please make sure that you have the `NSCameraUsageDescription` and `NSLocationWhenInUseUsageDescription` defined in your applications info.plist?


Please let me know if that resolves your issues.


Best regards,

Andreas


Hi Andreas


The gap ready was basically me grasping at straws trying to get the app to work on ios10.  I do have those variables defined in my info.plist.  Here it is in full in case I missed something.


<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

 <key>CFBundleIdentifier</key>

 <string>com.dunedinarts.HBAug</string>

 <key>CFBundleShortVersionString</key>

 <string>1.6</string>

 <key>CFBundleVersion</key>

 <string>1.6</string>

 <key>LSRequiresIPhoneOS</key>

 <true/>

 <key>MinimumOSVersion</key>

 <string>8.3</string>

 <key>UIDeviceFamily</key>

 <array>

  <integer>1</integer>

 </array>

 <key>UILaunchStoryboardName</key>

 <string>LaunchView</string>

 <key>UIMainStoryboardFile</key>

 <string>Main</string>

 <key>UIMainStoryboardFile~ipad</key>

 <string>Main</string>

 <key>UIRequiredDeviceCapabilities</key>

 <array>

  <string>armv7</string>

 </array>

 <key>UISupportedInterfaceOrientations</key>

 <array>

  <string>UIInterfaceOrientationPortrait</string>

  <string>UIInterfaceOrientationLandscapeLeft</string>

  <string>UIInterfaceOrientationLandscapeRight</string>

 </array>

 <key>UISupportedInterfaceOrientations~ipad</key>

 <array>

  <string>UIInterfaceOrientationPortrait</string>

  <string>UIInterfaceOrientationPortraitUpsideDown</string>

  <string>UIInterfaceOrientationLandscapeLeft</string>

  <string>UIInterfaceOrientationLandscapeRight</string>

 </array>

 <key>XSAppIconAssets</key>

 <string>Assets.xcassets/AppIcons.appiconset</string>

 <key>CFBundleDocumentTypes</key>

 <array>

  <dict>

   <key>CFBundleTypeName</key>

   <string>MKDirectionsRequest</string>

   <key>LSItemContentTypes</key>

   <array>

    <string>com.apple.maps.directionsrequest</string>

   </array>

  </dict>

 </array>

 <key>UIBackgroundModes</key>

 <array>

  <string>location</string>

 </array>

 <key>NSCameraUsageDescription</key>

 <string>Please allow the use of the camera so the app works properly</string>

 <key>NSAllowsArbitraryLoadsInWebContent</key>

 <string>Please allow the app to load an external web page to show the link properly</string>

 <key>NSPhotoLibraryUsageDescription</key>

 <string>Please allow the use of the photo library so the app can store snapshots</string>

 <key>NSLocationAlwaysUsageDescription</key>

 <string>Please allow the app to update its location information when in use</string>

 <key>NSLocationWhenInUseUsageDescription</key>

 <string>Location services are required for this app to work properly</string>

 <key>NSMotionUsageDescription</key>

 <string>Please allow the app to use the device movement in order to work properly</string>

 <key>CFBundleName</key>

 <string>View North Ayrshire</string>

 <key>NSAppTransportSecurity</key>

 <dict>

  <key>NSAllowsArbitraryLoads</key>

  <true/>

  <key>NSAllowsArbitraryLoadsInWebContent</key>

  <true/>

 </dict>

 <key>NSLocationUsageDescription</key>

 <string>Please allow the app to use your location to work properly</string>

</dict>

</plist>



Hitherto I have not needed a csp command, i.e. for ios 9.  Do I need it for ios 10?  Am I just missing something in my info.plist?


Thanks


btw the crash I get from xamarin when I remove the csp and keep the javascript command :

AR.context.onLocationChanged = World.locationChanged;

Commented in, is a mono_handle_native_sigsegv +260 with no native stack trace.  


I am currently using xcode 8.2.1 

C

Login or Signup to post a comment