search

duddu / cordova-plugin-antitampering

Verify the integrity of cordova static assets - Android / iOS
MIT License
22 stars 20 forks source link

🤔 `apple-app-site-association` is not in filter #4

Closed WuglyakBolgoink closed 7 years ago

WuglyakBolgoink commented 7 years ago

I think apple-app-site-association should be in filer too

Example:

.well-known/apple-app-site-association

Fix in /cordova-plugin-antitampering/scripts/save_assets_hash.js:

 return fs.statSync(path.join(dir, file)).isFile() &&
                (/.*\.(js|html|htm|css)$/.test(file) || file === 'apple-app-site-association');

or, maybe, it will be better validate all files (images, fonts, etc...)?!

duddu commented 7 years ago

Hi, thanks for your feedback. I was thinking about a solution like this:

How does that sound to you?

WuglyakBolgoink commented 7 years ago

Hi @duddu,

that sound perfect!

duddu commented 7 years ago

Ok, I will write here as soon as I've something ready

WuglyakBolgoink commented 7 years ago

Thank you @duddu !

duddu commented 7 years ago

Solved with v0.2.0

WuglyakBolgoink commented 7 years ago

Hi @duddu

this file was ignored by plugin 😹 v0.2.0: 

.well-known/apple-app-site-association
duddu commented 7 years ago

Ah, nice! Solve everything but your very issue... Very strange, the test passed with different extensions... l'll have a look in a few hours!

duddu commented 7 years ago

Seems like cordova doesn't copy hidden directories into the platform_www during the prepare hook. So the plugin skips the .well-known directory for the reason that it doesn't exist in the platform target. And that makes me doubt: I don't know how the apple-app-site-association works on apps, but are you sure that this file should stay into the www directory? Not uploaded on the https domain associated?

WuglyakBolgoink commented 7 years ago

@duddu

currently I ignored apple-app-site-association on mobile app.. And I think, this file we need only in desktop version... So you can ignore my case. :)