search

capacitor-community / electron

Deploy your Capacitor apps to Linux, Mac, and Windows desktops, with the Electron platform! 🖥️
https://capacitor-community.github.io/electron/
MIT License
342 stars 59 forks source link

Capacitor-community/electron not working with https/http after capacitor library update from version 2 to 3.4 #184

Open fahad-cinnova opened 2 years ago

fahad-cinnova commented 2 years ago

I have recently update the capacitor library for my ionic project. But after update the capacitor library my android and ios versions are working fine. But my windows version not working . I'm not able to send any http/https request.

I have update elector capacitor below From: "@capacitor-community/electron": "^1.4.2", To: "@capacitor-community/electron": "^4.1.0",

My others versions are below "@capacitor/core": "^3.4.3", "@capacitor/ios": "^3.4.3", "@capacitor/android": "^3.4.3", "@ionic/pwa-elements": "^3.0.2", "@ionic/angular": "^5.0.0",

Please let me know if anyone have an idea to resolve my problem. This is the screen shot of console. @IT-MikeS image

xgiral-metacodi commented 2 years ago

Fix: Refused to connect to 'https://www.domain.com' because it violates the following Content Security Policy directive: "default-src capacitor-electron://*

File electron/src/setup.ts Line aprox: 229.

BEFORE

 'Content-Security-Policy': [
          electronIsDev
            ? `default-src ${customScheme}://* 'unsafe-inline' devtools://* 'unsafe-eval' data:`
            : `default-src ${customScheme}://* 'unsafe-inline' data:`,
        ],

AFTER

'Content-Security-Policy': [
          electronIsDev
            ? `default-src ${customScheme}://* 'unsafe-inline' devtools://* 'unsafe-eval' http://* 'unsafe-eval' https://* 'unsafe-eval' ws://* 'unsafe-eval' wss://* 'unsafe-eval' data:`
            : `default-src ${customScheme}://* 'unsafe-inline' http://* 'unsafe-eval' https://* 'unsafe-eval' ws://* 'unsafe-eval' wss://* 'unsafe-eval' data:`,
        ],
jdgjsag67251 commented 2 years ago

Fix: Refused to connect to 'https://www.domain.com' because it violates the following Content Security Policy directive: "default-src capacitor-electron://*

File electron/src/setup.ts Line aprox: 229.

BEFORE

 'Content-Security-Policy': [
          electronIsDev
            ? `default-src ${customScheme}://* 'unsafe-inline' devtools://* 'unsafe-eval' data:`
            : `default-src ${customScheme}://* 'unsafe-inline' data:`,
        ],

AFTER

'Content-Security-Policy': [
          electronIsDev
            ? `default-src ${customScheme}://* 'unsafe-inline' devtools://* 'unsafe-eval' http://* 'unsafe-eval' https://* 'unsafe-eval' ws://* 'unsafe-eval' wss://* 'unsafe-eval' data:`
            : `default-src ${customScheme}://* 'unsafe-inline' http://* 'unsafe-eval' https://* 'unsafe-eval' ws://* 'unsafe-eval' wss://* 'unsafe-eval' data:`,
        ],

While this does work, it is not very secure. Your app would be more secure if you add the specific URL's to the CSP (or even better, if you just bundle the resource). This site could help: https://report-uri.com/home/generate.

viniciusnevescosta commented 1 year ago

Fix: Refused to connect to 'https://www.domain.com' because it violates the following Content Security Policy directive: "default-src capacitor-electron://*

File electron/src/setup.ts Line aprox: 229.

BEFORE

 'Content-Security-Policy': [
          electronIsDev
            ? `default-src ${customScheme}://* 'unsafe-inline' devtools://* 'unsafe-eval' data:`
            : `default-src ${customScheme}://* 'unsafe-inline' data:`,
        ],

AFTER

'Content-Security-Policy': [
          electronIsDev
            ? `default-src ${customScheme}://* 'unsafe-inline' devtools://* 'unsafe-eval' http://* 'unsafe-eval' https://* 'unsafe-eval' ws://* 'unsafe-eval' wss://* 'unsafe-eval' data:`
            : `default-src ${customScheme}://* 'unsafe-inline' http://* 'unsafe-eval' https://* 'unsafe-eval' ws://* 'unsafe-eval' wss://* 'unsafe-eval' data:`,
        ],

While this does work, it is not very secure. Your app would be more secure if you add the specific URL's to the CSP (or even better, if you just bundle the resource). This site could help: https://report-uri.com/home/generate.

This helped me a lot, I just want to know how to add the specific url's to the Firebase Cloud Firestore, if you know how I would appreciate it, thanks anyway

fromage9747 commented 1 year ago

This doesn't always work. Especially on first time launch of the app. If you close and open it again, it may work.

The CSP settings aren't always applied. Perhaps it's a timing issue?

xgiral-metacodi commented 1 year ago

This doesn't always work. Especially on first time launch of the app. If you close and open it again, it may work.

The CSP settings aren't always applied. Perhaps it's a timing issue?

Are you tried on production complilation?

fromage9747 commented 1 year ago

@xgiral-metacodi Yup. App is built in production mode.