elm / http

Make HTTP requests in Elm
https://package.elm-lang.org/packages/elm/http/latest
BSD 3-Clause "New" or "Revised" License
154 stars 46 forks source link

Failed xhr.open gives BadUrl, but may be caused by security restrictions #33

Open StefanLiebig opened 7 years ago

StefanLiebig commented 7 years ago

I wrote a little Elm (0.18.0) app that plays with the giphy.com api. It works within the browser. But while moving it to cordova (android) I received the message "badUrl: ..." for a good url. I inserted in https://github.com/elm-lang/http/blob/master/src/Native/Http.js at try { xhr.open(request.method, request.url, true); } catch (e) { return callback(_elm_lang$core$Native_Scheduler.fail({ ctor: 'BadUrl', _0: request.url })); } an alert( e ); This unveiled the real cause. In my case it was a problem with the "Content Security Police".

I think "badUrl" is too generic and can be misleading. Is there any good way to incorporate the "real" cause?

process-bot commented 7 years ago

Thanks for the issue! Make sure it satisfies this checklist. My human colleagues will appreciate it!

Here is what to expect next, and if anyone wants to comment, keep these things in mind.

evancz commented 7 years ago

Can you say more about exactly what the error you saw was? To capture it and state it explicitly, I must be able to reproduce it.

StefanLiebig commented 7 years ago

Yes, the alert shows: image It is a screen shot from the android emulator. It also occurs on the device.

For reproducing it you have to install cordova (https://cordova.apache.org/#getstarted) and add the android platform. Then I tweaked the example app (https://cordova.apache.org/docs/en/latest/guide/cli/index.html) such that the example www/js/index.js embeds the JavaScript code of my Elm app. The content security policy element within the index.html is <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data: content:;"> I hope this helps.