EricssonResearch / bowser

A WebRTC browser for iOS developed in the open
BSD 2-Clause "Simplified" License

Bowser violates CSP due to injection of owr.js #74

Open longsleep opened 8 years ago

longsleep commented 8 years ago

Bowser does treat the locally injected owr.js as insecure and thus fails to load it for any page which implements a CSP.

Refused to connect to 'http://localhost:10717/owr.js' because it violates the following Content Security Policy directive: "connect-src 'self' wss://spreed.me/ws blob:". 13.01.2016 17:13:43 SecurityError: DOM Exception 18: An attempt was made to break through the security policy of the user agent.

This essentially makes it impossible to support Bowser with Spreed WebRTC as configured on https://spreed.me/. The question for Bowser support came up in https://github.com/strukturag/spreed-webrtc/issues/251
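The refusal in the log line above is ordinary CSP source-list matching, and it can be reproduced outside a browser. The script below is an added example written for this thread; it is not code from Bowser, OpenWebRTC or Spreed. It implements the CSP Level 2 matching rules that connect-src uses ('self', 'none', scheme sources such as blob:, and host sources with optional scheme, port, wildcard and path) and evaluates the quoted directive against the blocked localhost URL. The page URL https://spreed.me/ is an assumption taken from the issue text; the directive string is the one in the log.

```javascript
// Added example (not Bowser project code): a small CSP connect-src matcher.
// Strict CSP Level 2 semantics: scheme and port must match exactly
// (CSP Level 3 additionally lets an http: source match https: requests).

const DEFAULT_PORTS = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443' };

// Port a URL is effectively using (explicit port, else the scheme default).
function effectivePort(url) {
  return url.port || DEFAULT_PORTS[url.protocol] || '';
}

// Host part of a host-source: exact host, "*", or "*.example.com" wildcard.
function hostMatches(pattern, hostname) {
  pattern = pattern.toLowerCase();
  hostname = hostname.toLowerCase();
  if (pattern === '*') return true;
  if (pattern.startsWith('*.')) {
    const suffix = pattern.slice(1);              // "*.example.com" -> ".example.com"
    return hostname.endsWith(suffix) && hostname.length > suffix.length;
  }
  return pattern === hostname;
}

// Path part of a host-source: trailing "/" is a directory prefix, otherwise exact.
function pathMatches(pattern, pathname) {
  if (!pattern || pattern === '/') return true;
  if (pattern.endsWith('/')) return pathname.startsWith(pattern);
  return pathname === pattern;
}

// [scheme://]host[:port|:*][/path]
const HOST_SOURCE = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)(?::(\d+|\*))?(\/[^?#]*)?$/i;

// Does one source expression allow a request to `url` from a page at `page`?
function sourceMatches(expr, url, page) {
  if (expr === "'none'") return false;
  if (expr === "'self'") {
    return url.protocol === page.protocol &&
           url.hostname.toLowerCase() === page.hostname.toLowerCase() &&
           effectivePort(url) === effectivePort(page);
  }
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) {        // scheme-source, e.g. "blob:"
    return url.protocol === expr.toLowerCase();
  }
  const m = HOST_SOURCE.exec(expr);
  if (!m) return false;                              // malformed or irrelevant keyword
  const [, scheme, host, port, path] = m;
  // A host-source without a scheme inherits the scheme of the protected page.
  const wantScheme = scheme ? scheme.toLowerCase() + ':' : page.protocol;
  if (url.protocol !== wantScheme) return false;
  if (!hostMatches(host, url.hostname)) return false;
  if (port === '*') {
    // any port
  } else if (port) {
    if (effectivePort(url) !== port) return false;
  } else if (effectivePort(url) !== (DEFAULT_PORTS[wantScheme] || '')) {
    return false;                                    // no port given: default port only
  }
  return pathMatches(path, url.pathname);
}

// Per-source verdicts, useful for explaining why a request was refused.
function explainDecision(directiveValue, requestUrl, pageUrl) {
  const url = new URL(requestUrl);
  const page = new URL(pageUrl);
  return directiveValue.trim().split(/\s+/).filter(Boolean)
    .map(expr => ({ source: expr, matches: sourceMatches(expr, url, page) }));
}

// Overall verdict: the request is allowed if any source expression matches.
function cspAllows(directiveValue, requestUrl, pageUrl) {
  return explainDecision(directiveValue, requestUrl, pageUrl).some(v => v.matches);
}

// The directive quoted in the log line above, against the blocked request.
// Page URL is assumed from the issue text.
const SPREED_CONNECT_SRC = "'self' wss://spreed.me/ws blob:";
const PAGE_URL = 'https://spreed.me/';
const BLOCKED_URL = 'http://localhost:10717/owr.js';

console.log(explainDecision(SPREED_CONNECT_SRC, BLOCKED_URL, PAGE_URL));
console.log('allowed:', cspAllows(SPREED_CONNECT_SRC, BLOCKED_URL, PAGE_URL));
```

Running it shows every source failing: 'self' fails because scheme, host and port all differ from https://spreed.me; wss://spreed.me/ws fails on scheme; blob: fails on scheme. A bare host source such as localhost:* would inherit the page's https: scheme and still not match an http: URL, so only an explicit http://localhost:10717 entry in the site's connect-src would let that fetch through; nothing the browser side does with the same JavaScript fetch changes the evaluation.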

superdump commented 8 years ago

@stefanalund - perhaps you know how to fix this? Can it be just a small change in the API or application options somewhere?

lcamacho commented 8 years ago

There's big trouble here since WKWebView blocks every mixed content on the page and there's no exception to this rule at this time. I think the whole project should return to using UIWebView.

stefanalund commented 8 years ago

@lcamacho I'd really like to avoid that since the injection of our user script is really shaky when using UIWebView. With WKWebView it is rock solid.

@pererikb had some idea about using an IFrame that may be worth evaluating.

stefanalund commented 8 years ago

This has been fixed: https://github.com/EricssonResearch/bowser/issues/72#issuecomment-182390937

longsleep commented 8 years ago

Well, I think that #72 does not fix this ticket. Of course the https loading issue would be a problem, but I do not see how this fix could make the CSP accept the injection.

lcamacho commented 8 years ago

Look what they did with Safari extension and you may have an idea of what to do. https://github.com/EricssonResearch/openwebrtc-browser-extensions/blob/master/safari/OpenWebRTC.safariextension/bootstrap.js

stefanalund commented 8 years ago

Yep, you are correct. I was a bit quick to pull the trigger :-) Reopening.

stefanalund commented 8 years ago

Yes @longsleep @lcamacho one idea is to do the same on iOS, i.e. to first download the contents of owr.js from within the application and inject it to the WKWebView (instead of doing it in JavaScript).

Would you guys be willing/able to try that yourselves?

BonzaiThePenguin commented 7 years ago

> first download the contents of owr.js from within the application and inject it to the WKWebView (instead of doing it in JavaScript).

That results in the following:

WebSocket connection to 'ws://localhost:10717/bridge' failed: WebSocket is closed due to suspension.