Can't Read Scrom File In IOS

[TinkerBuild]

Bug Report

WebPageProxy::Ignoring request to load this main resource because it is outside the sandbox. In real device

Problem

Can't read the file in cordova ios.

What is expected to happen?

What does actually happen?

Information

Command or Code

Environment, Platform, Device

Version information

Checklist

• [x] I searched for existing GitHub issues
• [x] I updated all Cordova tooling to most recent version
• [x] I included all the necessary information above

[TinkerBuild]

Error Log: 2021-01-22 10:57:45.720099+0700 CQ Academy[398:22865] [Loading] Received an unexpected URL from the web process 2021-01-22 10:57:45.720240+0700 CQ Academy[398:22865] [Process] 0x101838a18 - [pageProxyID=13, webPageID=14, PID=401] WebPageProxy::Ignoring request to load this main resource because it is outside the sandbox

[breautek]

Please fill in the form.

How are you trying to load this resource? It sounds like you're trying to navigate the Cordova webview to a local file that is outside of your app's sandbox (ie outside of your app bundle), which the WKWebView disallows.

[afioletov]

Hi @breautek,

We have similar issue and I created new bug with details: #1134 Are you sure that WKWebView disallows access to all files outside the bundle? Error says "outside the sandbox" and data container it a part of sandbox:

[breautek]

I didn't know how to respond to your last remark but I finally got around the time of researching.

It appears WebKit terminology of "Sandbox" does not mean the same thing as the iOS sandbox.

First we can see where WebKit prints out the sandbox error in question here, and it does so when checkURLReceivedFromCurrentOrPreviousWebProcess returns false.

That method does a few different checks, but I believe the main reason why it doesn't work is because I believe m_mayHaveUniversalFileReadSandboxExtension is false.

We know it doesn't enter any of the conditions and eventually reaches to process.checkURLReceivedFromWebProcess(url); because of your error message prints a couple lines before. This brings us to the WebProcessProxy class. Again, it does some further checks, but the interested one is the m_mayHaveUniversalFileReadSandboxExtension variable is falsy because we do see "Received an unexpected URL from the web process" being printed.

So looking to see if/when that variable becomes truthy, that seems to be handled in WebPageProxy::maybeInitializeSandboxExtensionHandle

In maybeInitializeSandboxExtensionHandle, we also see a lot of references of resourceDirectoryURL.

From the Appe Docs

So I believe this is what instructs WKWebView that it is okay to load in content from the app bundle container, so I think the first half of maybeInitializeSandboxExtensionHandle.

The second half of that method here is what needs to run successfully for WKWebVIew to grant access to loading content outside of the app bundle container. willAcquireUniversalFileReadSandboxExtension method is what sets m_mayHaveUniversalFileReadSandboxExtension to true.

In macOS, the top-level nonlocalized resource directory is typically called Resources but in iOS, it is the main bundle directory.

I'm not an expert on the WebKit base at all, but based on the information available, I believe if (auto handle = SandboxExtension::createHandle("/", SandboxExtension::Type::ReadOnly)) { is returning a nullish/falsey value and the code is not entering the if condition, restricting access to outside of the app bundle.

I don't know if there is a path to make it work, but I think this makes it clear that when WebKit talks about the sandbox, it isn't the same as the iOS sandbox architecture. It's talking about a broad sandbox (as this code is not strictly for iOS, it's used for mac as well).

[dpogue]

I've marked this issue as stale because it's been over a year with no further comments. If this is still an issue in the latest cordova-ios version and an up-to-date iOS version, please let us know. Otherwise, this issue will be closed.

[dpogue]

Closing as stale.