Closed JarLowrey closed 7 years ago
In isolation, the operation to remove that element works fine:
However, while the plugin can remove config elements using <preference delete="true" />
syntax, it can't prevent other plugins adding it, which is what's happening in your case:
You are including cordova-plugin-x-socialsharing in your project which adds the WRITE_EXTERNAL_STORAGE
permission in its plugin.xml
.
Due to the way the Cordova CLI lifecycle works, if a plugin listed in the config.xml is missing from the plugins/
folder (e.g. in a CI environment where they are installed fresh every time), Cordova will install those plugins after any after_prepare
hook scripts have finished execution (i.e. this plugin). Therefore, this plugin is actually removing the element, but the social sharing plugin is re-adding it again:
However, once the plugin is present in the local project, subsequent prepare operations will not re-invoke its installation and therefore not re-add its config:
If you really need to remove this permission (I'm not sure why this would be essential) and you are unable to build in a local environment where the locally installed plugins persist, you could fork the social sharing plugin in order to remove that preference from its plugin.xml to prevent it being added to the AndroidManifest.xml each time the plugin is installed.
I'm just trying to remove as many permissions as possible, I don't want that to be a barrier to downloading.
This was an awesome response, thank you! If I understand you correctly, the solution would be to manually edit my local plugins to prevent the addition of those permissions and then subsequent builds will not overwrite the changes via a download or anything. Does that sound about right?
Yes, either edit the plugins locally or fork the Github repo, edit and push changes, then add the modified plugin to your project direct from your Github forked repo. The latter will prevent your local edits being overwritten.
Hey thanks much @dpa99c, it's much appreciated. I found references for which permissions user's are alerted about at this SO post, which references this file which lists out 'dangerous' permissions in the Android source code.
If you happen to know, what is the point of having this delete="true"
ability for permissions? If it will never work to fully remove the permissions (ie, the solution is always to edit local plugins due to the CLI lifecycle) why is it helpful? Or does it work in some scenarios? Is there any way to write hooks/scripts that integrate to Cordova CLI life cycle that prevent modifying local packages or forking plugin repos? That seems exceptionally burdensome, it's kind of unbelievable to me Cordova doesn't have a better method for this. Thanks much!
I edited all the plugins plugins.xml
locally, reran cordova prepare
and rebuilt the app, but all the permissions were still auto-added to AndroidManifest.xml. I then also edited platforms/android.json
, I guess because a previous build added the plugin permissions there but permissions still remain...
It seems like there are a million ways to go wrong here, and this is the only way to do it?
If you happen to know, what is the point of having this delete="true" ability for permissions?
As the output in my comments above illustrates, if the plugin is present locally, then the plugin config should not be re-applied on subsequent build
/prepare
operations (only on plugin_install
). In which case, delete=true
functions as expected to remove config added by plugins when they were installed on the next prepare
operation.
Run cordova prepare --verbose
to see detailed output of the order of operations in order to understand the Cordova CLI lifecycle.
Hey thanks again @dpa99c . Running cordova prepare --verbose
showed that the Android Manifest was not being rebuilt using the new local plugin info, but instead was restoring from plugins/cordova-custom-config/backup/android/AndroidManifest.xml
. I deleted that file and re-ran prepare and the permissions are updated! Is there a way to ignore the backup/why is a backup being saved?
Unless you are using a really old version of the plugin, auto-backup behaviour is turned off by default unless you explicitly enable it - see here.
The reason for having this option is that you can experiment with various custom configs in your config.xml
and have them removed by restoring the original AndroidManifest.xml. Otherwise, you'd have to manually remove the changes. See here.
That's interesting, thanks for the references. I have the newest version - 3.0.14, and no autorestore
property in my config.xml, but the backup file keeps getting made. Not sure why.
Have a look at the example project which contains unit test for the plugin. You can run the locally with npm test
. Hmm just noticed the CI tests are failing, but that's due to a dependency of CI environment setup.
Just cloned the example project, added android and ios platforms, and ran cordova prepare
and npm test
. All tests passed, but the backup folder is created. Inside of the backup folder are android/AndroidManifest.xml
and ios/*
where * is a lot of stuff.
In that example project autorestore="false"
in config.xml.
Backup folder is created but not restored unless autorestore is true. Set to false is same as omitting it. Try it.
Closed due to no response from OP
Adding the preference
among others, does not have any effect. When building, the AndroidManifest is regenerated and the permissions re-appear. I have tried deleting all platforms and plugins, re-adding the android platform and running
cordova prepare
to re-download the plugins.You can see my entire config.xml here. Thanks!