Re: Nomination for a new chair for Apache Cordova
+1 Thanks for everything you’ve done for Cordova. Jesse will do an amazing job, I have no doubt! Best, ~ Kerri Sent from my phone. > On Dec 7, 2018, at 08:36, Oliver Salzburg wrote: > > +1 > > Thanks for everything! > >> On Fri, Dec 7, 2018 at 10:22 AM Jan Piotrowski wrote: >> >> +1 >> >> Thanks to you both! >> Am Fr., 7. Dez. 2018 um 10:05 Uhr schrieb julio cesar sanchez >> : >>> >>> +1 >>> >>> And thanks to you for all this years and to him for taking over >>> >>> El El vie, 7 dic 2018 a las 8:02, Toplak Daniel >>> escribió: >>> Hello Shazron, thank you for your hard work the last few years and I will totally >> agree with the nomination of Jesse :-) +1 Grüße / Regards Daniel Toplak Head of Mobile Development > -Ursprüngliche Nachricht- > Von: Shazron > Gesendet: Friday, December 7, 2018 03:30 > An: dev@cordova.apache.org > Betreff: Nomination for a new chair for Apache Cordova > > Hello beloved Community! > I have been the chair of Apache Cordova since around April 2014 (~4.5 years). > > The duties are mostly administrative: board reports, PMC management >> etc. Some > of it is listed here in the README: > https://github.com/apache/cordova-apache-board-reports > > I think it is time for new leadership. I have decided to resign my duties as the > Apache Cordova chair, hopefully for the upcoming new year of 2019. > > I nominate Jesse MacFadyen as the next chair. Jesse has been with me >> at the start > when Cordova was PhoneGap. Although we didn't give birth to it, we helped work > on improving Cordova from being an infant to adulthood (together with our great > team), particularly on cordova-ios. > 10 years is adulthood in software! > > He has also contributed greatly to the other platforms and tooling, particularly > cordova-windows. He has the most experience with helping run the >> Cordova > project out of the remaining active contributors. > > As an Apache Member (https://www.apache.org/foundation/members.html) > he also understands and helps uphold 'The Apache Way' > (https://www.apache.org/foundation/how-it-works.html) and will be a great liaison > with the Board. > > I'm not going anywhere and I will still contribute to the project in >> my areas of > expertise. > > Thank you. > > - > To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org > For additional commands, e-mail: dev-h...@cordova.apache.org >> >> - >> To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org >> For additional commands, e-mail: dev-h...@cordova.apache.org >> >> - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
Re: Stepping Back
Hey Joe — thanks for all your efforts over these years. Best of luck in your new team. Best, ~ Kerri Sent from my phone. > On Jun 20, 2018, at 14:22, Joe Bowser wrote: > > Hey > > As many people may be aware, I've moved on to another team at Adobe, so I > will no longer be able to be the primary maintainer of Cordova for Android, > and I won't be available to review any PRs in the future. It's been an > interesting decade of development, and I'm thankful for all the people who > chose to try and build applications with PhoneGap/Cordova, even if it > wasn't the right choice for them. > > Thanks > > Joe Bowser - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-docs pull request #727: CB-13247 - Blog post for Cordova iOS 4.5.0 R...
Github user kerrishotts commented on a diff in the pull request: https://github.com/apache/cordova-docs/pull/727#discussion_r137931549 --- Diff: www/_posts/2017-09-08-ios-release.md --- @@ -0,0 +1,72 @@ +--- +layout: post +author: +name: Shazron Abdullah +url: https://twitter.com/shazron +title: "Cordova iOS 4.5.0" +categories: announcements +tags: news releases +--- + +We are happy to announce a minor version of `Cordova iOS 4.5.0` has been released! + +Three new features were added: +1. [CB-12937](https://issues.apache.org/jira/browse/CB-12937) - Plugins can receive `handleOpenURLWithApplicationSourceAndAnnotation:` now (new selector, that sends the URL with additional metadata) +2. [CB-13164](https://issues.apache.org/jira/browse/CB-13164) - Integrated cordova-plugin-console to build in support for window.console. +3. [CB-10916](https://issues.apache.org/jira/browse/CB-10916) - Support [display name](/docs/en/dev/config_ref/index.html#name) for **iOS** + +Note that for [CB-13164](https://issues.apache.org/jira/browse/CB-13164) if you already included `cordova-plugin-console` in your project, you must **remove** that plugin if not your project will not build. --- End diff -- Perhaps > **Important!** If you have included `cordova-plugin-console` in your project, you must **remove** it, otherwise your project will not build. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
Re: Cordova-Android 7.0: Upgrading Java Requirement to 7.0
+1 Sent from my phone. ___ Kerri > On Jun 29, 2017, at 13:34, Joe Bowser wrote: > > Hey > > I think we should accept this PR to attract newer developers. Sure, we > could adopt Java 8, but I think being stuck with Java 6 may be limiting > contributions. Does anyone have any thoughts on this? > > https://github.com/apache/cordova-android/pull/380 - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
Re: cordova-lib proposal on test directory reorganization
Everything looked good from my once over -- thanks for the work you're putting in to this! Sent from my phone. ___ Kerri > On Jun 27, 2017, at 12:44, Filip Maj wrote: > > I'm planning on merging this in later today if there are no more > comments. So far only positive ones! > >> On Mon, Jun 26, 2017 at 7:45 AM, Filip Maj wrote: >> Still looking for a bit more feedback, please take a look if you have >> time! Thanks Anis for your feedback :) >> >> Don't worry about the diff / changeset (~1900 files changed!), the PR >> description, I think, summarizes the changes well enough. Almost all >> the changes are renaming files and tweaking the directory structure. >> >> I am thinking of merging this in Wednesday if I get no more comments, >> or possibly sooner if I get nothing but positive feedback. They are >> big directory structure changes, and the sooner we can get this in, >> the less rebase headache will exist. >> >> Thanks! >> Fil >> >>> On Thu, Jun 22, 2017 at 5:41 PM, Filip Maj wrote: >>> Proposal up in PR form here: https://github.com/apache/cordova-lib/pull/568 >>> >>> tl;dr consolidating `spec-cordova/` and `spec-plugman` directories >>> into one, setting up to for one-unit-test-spec.js per source-module.js >>> file. >>> >>> Looking for eyes and feedback! If you have any, please drop comments in the >>> PR. >>> >>> Thanks! >>> Fil > > - > To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org > For additional commands, e-mail: dev-h...@cordova.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
Re: [DRAFT] Apache Cordova Board Report - June 2017
LGTM. Sent from my phone. ___ Kerri Shotts photoKandy Studios, LLC On the Web: http://www.photokandy.com/ Social Media: Twitter: @photokandy, http://twitter.com/photokandy Tumblr: http://photokandy.tumblr.com/ Github: https://github.com/kerrishotts https://github.com/organizations/photokandyStudios CoderWall: https://coderwall.com/kerrishotts Apps on the Apple Store: https://itunes.apple.com/us/artist/photokandy-studios-llc/id498577828 Books: http://www.packtpub.com/phonegap-2-mobile-application-hotshot/book http://www.packtpub.com/phonegap-social-app-development/book > On Jun 18, 2017, at 15:13, Shazron wrote: > > Please review and comment if necessary. > > I would like a couple of +1 or LGTM before I send it off on Monday > > https://github.com/cordova/apache-board-reports/blob/master/2017/2017-06.md
[GitHub] cordova-lib pull request #562: Removing lazy load, platform command refactor...
Github user kerrishotts commented on a diff in the pull request: https://github.com/apache/cordova-lib/pull/562#discussion_r122233685 --- Diff: spec-cordova/platform/index.spec.js --- @@ -0,0 +1,181 @@ +/** +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at +http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ +/* eslint-env jasmine */ + +var rewire = require('rewire'); +var platform = rewire('../../src/cordova/platform'); +var cordova_util = require('../../src/cordova/util'); + +describe('cordova/platform', function () { +var hooksRunnerRevert; +var projectRoot = 'somepath'; +beforeEach(function () { +// TODO: if we can change HooksRunner from a prototypal class to a function or object, +// we could eliminate the need for rewire here and use just jasmine spies. +hooksRunnerRevert = platform.__set__('HooksRunner', function () {}); +spyOn(cordova_util, 'cdProjectRoot').and.returnValue(projectRoot); +}); + +afterEach(function () { +hooksRunnerRevert(); +}); + +describe('main module function', function () { +describe('error/warning conditions', function () { +// TODO: what about other commands? update? save? +it('should require at least one platform for add and remove commands', function (done) { +// targets = empty array +platform('add', []).then(function () { +fail('should not succeed without targets'); +}, function (err) { +expect(err).toMatch(/You need to qualify.* with one or more platforms/gi); --- End diff -- Out of scope for this commit, but I'd love to see the ability to use `expect(err).toBeInstanceOf(CordovaErrors.ExpectedOneOrMorePlatforms)`. That way should the error message ever change, the test still passes. Plus, then we don't have to worry about ignoring dynamic portions of the error. I have no idea how big a job that might be (I expect it'd be pretty big!), so I'm just throwing it out there as a "nice-to-have", but I wouldn't want it to hold up any progress on this commit, which is super important. Thanks for your hard work on this, BTW! --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-plugin-file-transfer issue #179: CB-12809 android
Github user kerrishotts commented on the issue: https://github.com/apache/cordova-plugin-file-transfer/pull/179 +1 to deprecation as well. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-docs pull request #703: CB-12770: revise security documentation
Github user kerrishotts commented on a diff in the pull request: https://github.com/apache/cordova-docs/pull/703#discussion_r115361265 --- Diff: www/docs/en/dev/guide/appdev/security/index.md --- @@ -27,69 +27,155 @@ description: Information and tips for building a secure application. The following guide includes some security best practices that you should consider when developing a Cordova application. Please be aware that security is a very complicated topic and therefore this guide is not exhaustive. If you believe you can contribute to this guide, please feel free to file an issue in Cordova's bug tracker under ["Documentation"](https://issues.apache.org/jira/browse/CB/component/12316407). This guide is designed to be applicable to general Cordova development (all platforms) but special platform-specific considerations will be noted. ## This guide discusses the following topics: + +* General Tips +* Plugins and Security +* Content Security Policy * Whitelist -* Iframes and the Callback Id Mechanism * Certificate Pinning * Self-signed Certificates +* Wrapping external sites and hot code push * Encrypted storage -* General Tips * Recommended Articles and Other Resources +## General Tips + +### Use InAppBrowser for outside links + +Use the InAppBrowser when opening links to any outside website. This is much safer than whitelisting a domain name and including the content directly in your application because the InAppBrowser will use the native browser's security features and will not give the website access to your Cordova environment. Even if you trust the third party website and include it directly in your application, that third party website could link to malicious web content. + +### Validate all user input + +Always validate any and all input that your application accepts. This includes usernames, passwords, dates, uploaded media, etc. Because an attacker could manipulate your HTML and JS assets (either by decompiling your application or using debugging tools like `chrome://inspect`), this validation should also be performed on your server, especially before handing the data off to any backend service. + +> **Tip**: Other sources where data should be validated: user documents, contacts, push notifications + +### Do not cache sensitive data + +If usernames, password, geolocation information, and other sensitive data is cached, then it could potentially be retrieved later by an unauthorized user or application. + +### Don't use eval() + +The JavaScript function eval() has a long history of being abused. Using it incorrectly can open your code up for injection attacks, debugging difficulties, and slower code execution. + +### Do not assume that your source code is secure + +Since a Cordova application is built from HTML and JavaScript assets that get packaged in a native container, you should not consider your code to be secure. It is possible to reverse engineer a Cordova application. + +A sampling of what you should not include in your code: + +* Authentication information (usernames, passwords, keys, etc.) +* Encryption keys +* Trade secrets + +### Do not assume storage containers are secure + +Even if a device itself is encrypted, if someone has access to the device and can unlock it, you should not assume that data stored in various formats and containers is safe. Even SQLite databases are easily human readable once access is gained. + +As long as you're storing non-sensitive information, this isn't a big deal. But if you were storing passwords, keys, and other sensitive information, the data could be easily extracted, and depending on what was stored, could be used against your app and remote servers. + +For example, on iOS, if you store data in `localStorage`, the data itself is easily readable to anyone who has access to the device. This is because `localStorage` is backed by an unencrypted SQLite database. The underlying storage of the device may in fact be encrypted (and so it would be inaccessible while the device is locked), but once the device decrypts the file, the contents themselves are mostly in the clear. As such, the contents of `localStorage` can be easily read and even changed. + +## Plugins and Security + +Due to the way the native portion of Cordova communicates with your web code, it is possible for any code executing within the main webview context to communicate with any installed plugins. This means that you should _never_ permit untrusted content within the primary webview. This can include third-party advertisements, sites within an `iframe`, and even content injected via `innerHTML`. + +If you must inject content into the primary
[GitHub] cordova-docs pull request #703: CB-12770: revise security documentation
Github user kerrishotts commented on a diff in the pull request: https://github.com/apache/cordova-docs/pull/703#discussion_r115358538 --- Diff: www/docs/en/dev/guide/appdev/security/index.md --- @@ -27,69 +27,155 @@ description: Information and tips for building a secure application. The following guide includes some security best practices that you should consider when developing a Cordova application. Please be aware that security is a very complicated topic and therefore this guide is not exhaustive. If you believe you can contribute to this guide, please feel free to file an issue in Cordova's bug tracker under ["Documentation"](https://issues.apache.org/jira/browse/CB/component/12316407). This guide is designed to be applicable to general Cordova development (all platforms) but special platform-specific considerations will be noted. ## This guide discusses the following topics: + +* General Tips +* Plugins and Security +* Content Security Policy * Whitelist -* Iframes and the Callback Id Mechanism * Certificate Pinning * Self-signed Certificates +* Wrapping external sites and hot code push * Encrypted storage -* General Tips * Recommended Articles and Other Resources +## General Tips + +### Use InAppBrowser for outside links + +Use the InAppBrowser when opening links to any outside website. This is much safer than whitelisting a domain name and including the content directly in your application because the InAppBrowser will use the native browser's security features and will not give the website access to your Cordova environment. Even if you trust the third party website and include it directly in your application, that third party website could link to malicious web content. + +### Validate all user input + +Always validate any and all input that your application accepts. This includes usernames, passwords, dates, uploaded media, etc. Because an attacker could manipulate your HTML and JS assets (either by decompiling your application or using debugging tools like `chrome://inspect`), this validation should also be performed on your server, especially before handing the data off to any backend service. + +> **Tip**: Other sources where data should be validated: user documents, contacts, push notifications + +### Do not cache sensitive data + +If usernames, password, geolocation information, and other sensitive data is cached, then it could potentially be retrieved later by an unauthorized user or application. + +### Don't use eval() + +The JavaScript function eval() has a long history of being abused. Using it incorrectly can open your code up for injection attacks, debugging difficulties, and slower code execution. + +### Do not assume that your source code is secure + +Since a Cordova application is built from HTML and JavaScript assets that get packaged in a native container, you should not consider your code to be secure. It is possible to reverse engineer a Cordova application. + +A sampling of what you should not include in your code: + +* Authentication information (usernames, passwords, keys, etc.) +* Encryption keys +* Trade secrets + +### Do not assume storage containers are secure + +Even if a device itself is encrypted, if someone has access to the device and can unlock it, you should not assume that data stored in various formats and containers is safe. Even SQLite databases are easily human readable once access is gained. + +As long as you're storing non-sensitive information, this isn't a big deal. But if you were storing passwords, keys, and other sensitive information, the data could be easily extracted, and depending on what was stored, could be used against your app and remote servers. + +For example, on iOS, if you store data in `localStorage`, the data itself is easily readable to anyone who has access to the device. This is because `localStorage` is backed by an unencrypted SQLite database. The underlying storage of the device may in fact be encrypted (and so it would be inaccessible while the device is locked), but once the device decrypts the file, the contents themselves are mostly in the clear. As such, the contents of `localStorage` can be easily read and even changed. + +## Plugins and Security + +Due to the way the native portion of Cordova communicates with your web code, it is possible for any code executing within the main webview context to communicate with any installed plugins. This means that you should _never_ permit untrusted content within the primary webview. This can include third-party advertisements, sites within an `iframe`, and even content injected via `innerHTML`. + +If you must inject content into the primary
[GitHub] cordova-docs pull request #703: CB-12770: revise security documentation
Github user kerrishotts commented on a diff in the pull request: https://github.com/apache/cordova-docs/pull/703#discussion_r115358440 --- Diff: www/docs/en/dev/guide/appdev/security/index.md --- @@ -27,69 +27,155 @@ description: Information and tips for building a secure application. The following guide includes some security best practices that you should consider when developing a Cordova application. Please be aware that security is a very complicated topic and therefore this guide is not exhaustive. If you believe you can contribute to this guide, please feel free to file an issue in Cordova's bug tracker under ["Documentation"](https://issues.apache.org/jira/browse/CB/component/12316407). This guide is designed to be applicable to general Cordova development (all platforms) but special platform-specific considerations will be noted. ## This guide discusses the following topics: + +* General Tips +* Plugins and Security +* Content Security Policy * Whitelist -* Iframes and the Callback Id Mechanism * Certificate Pinning * Self-signed Certificates +* Wrapping external sites and hot code push * Encrypted storage -* General Tips * Recommended Articles and Other Resources +## General Tips + +### Use InAppBrowser for outside links + +Use the InAppBrowser when opening links to any outside website. This is much safer than whitelisting a domain name and including the content directly in your application because the InAppBrowser will use the native browser's security features and will not give the website access to your Cordova environment. Even if you trust the third party website and include it directly in your application, that third party website could link to malicious web content. + +### Validate all user input + +Always validate any and all input that your application accepts. This includes usernames, passwords, dates, uploaded media, etc. Because an attacker could manipulate your HTML and JS assets (either by decompiling your application or using debugging tools like `chrome://inspect`), this validation should also be performed on your server, especially before handing the data off to any backend service. + +> **Tip**: Other sources where data should be validated: user documents, contacts, push notifications + +### Do not cache sensitive data + +If usernames, password, geolocation information, and other sensitive data is cached, then it could potentially be retrieved later by an unauthorized user or application. + +### Don't use eval() + +The JavaScript function eval() has a long history of being abused. Using it incorrectly can open your code up for injection attacks, debugging difficulties, and slower code execution. + +### Do not assume that your source code is secure + +Since a Cordova application is built from HTML and JavaScript assets that get packaged in a native container, you should not consider your code to be secure. It is possible to reverse engineer a Cordova application. + +A sampling of what you should not include in your code: + +* Authentication information (usernames, passwords, keys, etc.) +* Encryption keys +* Trade secrets + +### Do not assume storage containers are secure + +Even if a device itself is encrypted, if someone has access to the device and can unlock it, you should not assume that data stored in various formats and containers is safe. Even SQLite databases are easily human readable once access is gained. + +As long as you're storing non-sensitive information, this isn't a big deal. But if you were storing passwords, keys, and other sensitive information, the data could be easily extracted, and depending on what was stored, could be used against your app and remote servers. + +For example, on iOS, if you store data in `localStorage`, the data itself is easily readable to anyone who has access to the device. This is because `localStorage` is backed by an unencrypted SQLite database. The underlying storage of the device may in fact be encrypted (and so it would be inaccessible while the device is locked), but once the device decrypts the file, the contents themselves are mostly in the clear. As such, the contents of `localStorage` can be easily read and even changed. + +## Plugins and Security + +Due to the way the native portion of Cordova communicates with your web code, it is possible for any code executing within the main webview context to communicate with any installed plugins. This means that you should _never_ permit untrusted content within the primary webview. This can include third-party advertisements, sites within an `iframe`, and even content injected via `innerHTML`. + +If you must inject content into the primary
[GitHub] cordova-docs pull request #703: CB-12770: revise security documentation
Github user kerrishotts commented on a diff in the pull request: https://github.com/apache/cordova-docs/pull/703#discussion_r115358385 --- Diff: www/docs/en/dev/guide/appdev/security/index.md --- @@ -27,69 +27,155 @@ description: Information and tips for building a secure application. The following guide includes some security best practices that you should consider when developing a Cordova application. Please be aware that security is a very complicated topic and therefore this guide is not exhaustive. If you believe you can contribute to this guide, please feel free to file an issue in Cordova's bug tracker under ["Documentation"](https://issues.apache.org/jira/browse/CB/component/12316407). This guide is designed to be applicable to general Cordova development (all platforms) but special platform-specific considerations will be noted. ## This guide discusses the following topics: + +* General Tips +* Plugins and Security +* Content Security Policy * Whitelist -* Iframes and the Callback Id Mechanism * Certificate Pinning * Self-signed Certificates +* Wrapping external sites and hot code push * Encrypted storage -* General Tips * Recommended Articles and Other Resources +## General Tips + +### Use InAppBrowser for outside links + +Use the InAppBrowser when opening links to any outside website. This is much safer than whitelisting a domain name and including the content directly in your application because the InAppBrowser will use the native browser's security features and will not give the website access to your Cordova environment. Even if you trust the third party website and include it directly in your application, that third party website could link to malicious web content. + +### Validate all user input + +Always validate any and all input that your application accepts. This includes usernames, passwords, dates, uploaded media, etc. Because an attacker could manipulate your HTML and JS assets (either by decompiling your application or using debugging tools like `chrome://inspect`), this validation should also be performed on your server, especially before handing the data off to any backend service. + +> **Tip**: Other sources where data should be validated: user documents, contacts, push notifications + +### Do not cache sensitive data + +If usernames, password, geolocation information, and other sensitive data is cached, then it could potentially be retrieved later by an unauthorized user or application. + +### Don't use eval() + +The JavaScript function eval() has a long history of being abused. Using it incorrectly can open your code up for injection attacks, debugging difficulties, and slower code execution. + +### Do not assume that your source code is secure + +Since a Cordova application is built from HTML and JavaScript assets that get packaged in a native container, you should not consider your code to be secure. It is possible to reverse engineer a Cordova application. + +A sampling of what you should not include in your code: + +* Authentication information (usernames, passwords, keys, etc.) +* Encryption keys +* Trade secrets + +### Do not assume storage containers are secure + +Even if a device itself is encrypted, if someone has access to the device and can unlock it, you should not assume that data stored in various formats and containers is safe. Even SQLite databases are easily human readable once access is gained. + +As long as you're storing non-sensitive information, this isn't a big deal. But if you were storing passwords, keys, and other sensitive information, the data could be easily extracted, and depending on what was stored, could be used against your app and remote servers. + +For example, on iOS, if you store data in `localStorage`, the data itself is easily readable to anyone who has access to the device. This is because `localStorage` is backed by an unencrypted SQLite database. The underlying storage of the device may in fact be encrypted (and so it would be inaccessible while the device is locked), but once the device decrypts the file, the contents themselves are mostly in the clear. As such, the contents of `localStorage` can be easily read and even changed. + +## Plugins and Security + +Due to the way the native portion of Cordova communicates with your web code, it is possible for any code executing within the main webview context to communicate with any installed plugins. This means that you should _never_ permit untrusted content within the primary webview. This can include third-party advertisements, sites within an `iframe`, and even content injected via `innerHTML`. + +If you must inject content into the primary
[GitHub] cordova-docs pull request #703: CB-12770: revise security documentation
Github user kerrishotts commented on a diff in the pull request: https://github.com/apache/cordova-docs/pull/703#discussion_r115357887 --- Diff: www/docs/en/dev/guide/appdev/security/index.md --- @@ -27,69 +27,155 @@ description: Information and tips for building a secure application. The following guide includes some security best practices that you should consider when developing a Cordova application. Please be aware that security is a very complicated topic and therefore this guide is not exhaustive. If you believe you can contribute to this guide, please feel free to file an issue in Cordova's bug tracker under ["Documentation"](https://issues.apache.org/jira/browse/CB/component/12316407). This guide is designed to be applicable to general Cordova development (all platforms) but special platform-specific considerations will be noted. ## This guide discusses the following topics: + +* General Tips +* Plugins and Security +* Content Security Policy * Whitelist -* Iframes and the Callback Id Mechanism * Certificate Pinning * Self-signed Certificates +* Wrapping external sites and hot code push * Encrypted storage -* General Tips * Recommended Articles and Other Resources +## General Tips + +### Use InAppBrowser for outside links + +Use the InAppBrowser when opening links to any outside website. This is much safer than whitelisting a domain name and including the content directly in your application because the InAppBrowser will use the native browser's security features and will not give the website access to your Cordova environment. Even if you trust the third party website and include it directly in your application, that third party website could link to malicious web content. + +### Validate all user input + +Always validate any and all input that your application accepts. This includes usernames, passwords, dates, uploaded media, etc. Because an attacker could manipulate your HTML and JS assets (either by decompiling your application or using debugging tools like `chrome://inspect`), this validation should also be performed on your server, especially before handing the data off to any backend service. + +> **Tip**: Other sources where data should be validated: user documents, contacts, push notifications + +### Do not cache sensitive data + +If usernames, password, geolocation information, and other sensitive data is cached, then it could potentially be retrieved later by an unauthorized user or application. + +### Don't use eval() + +The JavaScript function eval() has a long history of being abused. Using it incorrectly can open your code up for injection attacks, debugging difficulties, and slower code execution. + +### Do not assume that your source code is secure + +Since a Cordova application is built from HTML and JavaScript assets that get packaged in a native container, you should not consider your code to be secure. It is possible to reverse engineer a Cordova application. --- End diff -- Mmm -- I like that much better. :-) --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-docs pull request #703: CB-12770: revise security documentation
Github user kerrishotts commented on a diff in the pull request: https://github.com/apache/cordova-docs/pull/703#discussion_r115357795 --- Diff: www/docs/en/dev/guide/appdev/security/index.md --- @@ -27,69 +27,155 @@ description: Information and tips for building a secure application. The following guide includes some security best practices that you should consider when developing a Cordova application. Please be aware that security is a very complicated topic and therefore this guide is not exhaustive. If you believe you can contribute to this guide, please feel free to file an issue in Cordova's bug tracker under ["Documentation"](https://issues.apache.org/jira/browse/CB/component/12316407). This guide is designed to be applicable to general Cordova development (all platforms) but special platform-specific considerations will be noted. ## This guide discusses the following topics: + +* General Tips +* Plugins and Security +* Content Security Policy * Whitelist -* Iframes and the Callback Id Mechanism * Certificate Pinning * Self-signed Certificates +* Wrapping external sites and hot code push * Encrypted storage -* General Tips * Recommended Articles and Other Resources +## General Tips + +### Use InAppBrowser for outside links + +Use the InAppBrowser when opening links to any outside website. This is much safer than whitelisting a domain name and including the content directly in your application because the InAppBrowser will use the native browser's security features and will not give the website access to your Cordova environment. Even if you trust the third party website and include it directly in your application, that third party website could link to malicious web content. + +### Validate all user input + +Always validate any and all input that your application accepts. This includes usernames, passwords, dates, uploaded media, etc. Because an attacker could manipulate your HTML and JS assets (either by decompiling your application or using debugging tools like `chrome://inspect`), this validation should also be performed on your server, especially before handing the data off to any backend service. + +> **Tip**: Other sources where data should be validated: user documents, contacts, push notifications + +### Do not cache sensitive data + +If usernames, password, geolocation information, and other sensitive data is cached, then it could potentially be retrieved later by an unauthorized user or application. --- End diff -- Yes, this needs to be worded better and have some concrete examples. :-) I think "caching" is the wrong word here (this was copied from the previous version) -- "store" is probably more accurate. I _think_ attacks would either have to be device-in-hand attacks (since you'd need to get into the file system -- that's when you hope the device is protected with a pin & is encrypted!) or malware / viruses that abused some security hole (or ran amuck on a rooted/JB'd device). OR, if the app stored data in a public area on the file system (say, on Android), that would be risky too. (Hopefully no one would do that, though...!) So yes... more examples of what is meant by this would be good. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-docs pull request #703: CB-12770: revise security documentation
GitHub user kerrishotts opened a pull request: https://github.com/apache/cordova-docs/pull/703 CB-12770: revise security documentation This is a *rough* first pass at revising the security documentation. Comments are very welcome! ** NOT READY FOR MERGE YET ** ### What does this PR do? Update security documentation ### Checklist - [X] [Reported an issue](http://cordova.apache.org/contribute/issues.html) in the JIRA database - [X] Commit message follows the format: "CB-3232: (android) Fix bug with resolving file paths", where CB- is the JIRA ID & "android" is the platform affected. You can merge this pull request into a Git repository by running: $ git pull https://github.com/kerrishotts/cordova-docs CB-12770 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/cordova-docs/pull/703.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #703 commit 012f3f92e5bf1d4394b0d50f0f2e2bc7d2982bcc Author: Kerri Shotts Date: 2017-05-08T15:19:19Z CB-12770: revise security documentation --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-docs pull request #699: cordova7_post : cordova7 release post
Github user kerrishotts commented on a diff in the pull request: https://github.com/apache/cordova-docs/pull/699#discussion_r113565956 --- Diff: www/_posts/2017-04-21-cordova-7.md --- @@ -0,0 +1,46 @@ +--- +layout: post +author: +name: Audrey So +url: https://twitter.com/aud_rey_so +title: "Apache Cordova 7.0.0" +categories: news +tags: news releases +--- + +We are happy to announce that `Apache Cordova 7.0.0` has been released! + +Most notable changes include: +* If a `package.json` does not exist in your project, it will be auto-created for you when `cordova prepare` is called. +* When adding a platform or plugin, it will automatically save that platform or plugin to your `config.xml` and `package.json`. Details about platform and plugin versions are also automatically saved in `config.xml` and `package.json`. The `--save` flag is no longer required to save. Use `--nosave` to prevent saving to `config.xml` or `package.json`. +* Fetch is now the default setting for fetching platforms. Fetch uses your system `npm` to `npm install` modules into your project. The `--fetch` flag is no longer required. Use the `--nofetch` flag to use the older cordova fetching method (pre `cordova@7`) and prevent using `npm install` to do the fetching. --- End diff -- Hmmm. To me you're referring to the feature named "fetch", not the setting (although you do use the word "setting" -- I think I would use "method"). So: "Fetch is now the default method for fetching platforms. Fetch uses your system" You could reword this a bit to avoid the issue entirely, but I think this is clear enough without being overly verbose. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-docs pull request #699: cordova7_post : cordova7 release post
Github user kerrishotts commented on a diff in the pull request: https://github.com/apache/cordova-docs/pull/699#discussion_r113545976 --- Diff: www/_posts/2017-04-21-cordova-7.md --- @@ -0,0 +1,46 @@ +--- +layout: post +author: +name: Audrey So +url: https://twitter.com/aud_rey_so +title: "Apache Cordova 7.0.0" +categories: news +tags: news releases +--- + +We are happy to announce that `Apache Cordova 7.0.0` has been released! + +Most notable changes include: +* If a `package.json` does not exist in your project, it will be auto-created for you when `cordova prepare` is called. +* When adding a platform or plugin, it will automatically save that platform or plugin to your `config.xml` and `package.json`. Details about platform and plugin versions are also automatically saved in `config.xml` and `package.json`. The `--save` flag is no longer required to save. Use `--nosave` to prevent saving to `config.xml` or `package.json`. +* Fetch is now the default setting for fetching platforms. Fetch uses your system `npm` to `npm install` modules into your project. The `--fetch` flag is no longer required. Use the `--nofetch` flag to use the older cordova fetching method (pre `cordova@7`) and prevent using `npm install` to do the fetching. +* After `cordova prepare` is run, `package.json` and `config.xml` should contain identical platforms and versions. In case of conflicts, `package.json` is given precedence over `config.xml`. For example, suppose `package.json` contains `cordova-android@6.0.0` and `config.xml` contains `cordova-android@4.0.0`. After `cordova prepare` is run, `config.xml` and `package.json` will each contain only `cordova-android@6.0.0`. +* Users can install any platform due to removing known platform check for platform API. For instance, users can now add custom platforms to their projects. +* Platforms and plugins are now required to have a package.json file. + +Example: + + cordova platform add custom-platform-name + +Link to how to create your own platforms: + +* A cordova config command has been created to `set`, `get`, `delete`, `edit`, and `list` global cordova options. For example, you can use the following command `cordova config set ` to set the value of autosave or fetch to true or false. + +In this case, you are turning off autosave as the default setting. Example: + + cordova config set autosave false + +In this case, you are turning off fetch as the default setting. Example: + + cordova config set fetch false + +In addition, the cordova config command supports browserify setting, which allows the JavaScript of plugins to be loaded at build time compared to run time. For instance, if the browserify value is not explicility passed in by the user, the cordova config command will automatically set the browserify value saved in `~/.config/configstore/` to saved `globally`. Users can get and set browserify. Example: --- End diff -- ?: In this case --> In the following case or, "For example, if you want to turn off `fetch` as the default setting:" To me, "this" refers to something that has already been mentioned, so I was looking above, not below. Also, backticks around `fetch`, `autosave`, `browserify` --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-docs pull request #699: cordova7_post : cordova7 release post
Github user kerrishotts commented on a diff in the pull request: https://github.com/apache/cordova-docs/pull/699#discussion_r113545528 --- Diff: www/_posts/2017-04-21-cordova-7.md --- @@ -0,0 +1,46 @@ +--- +layout: post +author: +name: Audrey So +url: https://twitter.com/aud_rey_so +title: "Apache Cordova 7.0.0" +categories: news +tags: news releases +--- + +We are happy to announce that `Apache Cordova 7.0.0` has been released! + +Most notable changes include: +* If a `package.json` does not exist in your project, it will be auto-created for you when `cordova prepare` is called. +* When adding a platform or plugin, it will automatically save that platform or plugin to your `config.xml` and `package.json`. Details about platform and plugin versions are also automatically saved in `config.xml` and `package.json`. The `--save` flag is no longer required to save. Use `--nosave` to prevent saving to `config.xml` or `package.json`. +* Fetch is now the default setting for fetching platforms. Fetch uses your system `npm` to `npm install` modules into your project. The `--fetch` flag is no longer required. Use the `--nofetch` flag to use the older cordova fetching method (pre `cordova@7`) and prevent using `npm install` to do the fetching. +* After `cordova prepare` is run, `package.json` and `config.xml` should contain identical platforms and versions. In case of conflicts, `package.json` is given precedence over `config.xml`. For example, suppose `package.json` contains `cordova-android@6.0.0` and `config.xml` contains `cordova-android@4.0.0`. After `cordova prepare` is run, `config.xml` and `package.json` will each contain only `cordova-android@6.0.0`. +* Users can install any platform due to removing known platform check for platform API. For instance, users can now add custom platforms to their projects. +* Platforms and plugins are now required to have a package.json file. + +Example: + + cordova platform add custom-platform-name + +Link to how to create your own platforms: + +* A cordova config command has been created to `set`, `get`, `delete`, `edit`, and `list` global cordova options. For example, you can use the following command `cordova config set ` to set the value of autosave or fetch to true or false. --- End diff -- global cordova --> global Cordova --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-docs pull request #699: cordova7_post : cordova7 release post
Github user kerrishotts commented on a diff in the pull request: https://github.com/apache/cordova-docs/pull/699#discussion_r113545395 --- Diff: www/_posts/2017-04-21-cordova-7.md --- @@ -0,0 +1,46 @@ +--- +layout: post +author: +name: Audrey So +url: https://twitter.com/aud_rey_so +title: "Apache Cordova 7.0.0" +categories: news +tags: news releases +--- + +We are happy to announce that `Apache Cordova 7.0.0` has been released! + +Most notable changes include: +* If a `package.json` does not exist in your project, it will be auto-created for you when `cordova prepare` is called. +* When adding a platform or plugin, it will automatically save that platform or plugin to your `config.xml` and `package.json`. Details about platform and plugin versions are also automatically saved in `config.xml` and `package.json`. The `--save` flag is no longer required to save. Use `--nosave` to prevent saving to `config.xml` or `package.json`. +* Fetch is now the default setting for fetching platforms. Fetch uses your system `npm` to `npm install` modules into your project. The `--fetch` flag is no longer required. Use the `--nofetch` flag to use the older cordova fetching method (pre `cordova@7`) and prevent using `npm install` to do the fetching. +* After `cordova prepare` is run, `package.json` and `config.xml` should contain identical platforms and versions. In case of conflicts, `package.json` is given precedence over `config.xml`. For example, suppose `package.json` contains `cordova-android@6.0.0` and `config.xml` contains `cordova-android@4.0.0`. After `cordova prepare` is run, `config.xml` and `package.json` will each contain only `cordova-android@6.0.0`. +* Users can install any platform due to removing known platform check for platform API. For instance, users can now add custom platforms to their projects. +* Platforms and plugins are now required to have a package.json file. + +Example: + + cordova platform add custom-platform-name + +Link to how to create your own platforms: + +* A cordova config command has been created to `set`, `get`, `delete`, `edit`, and `list` global cordova options. For example, you can use the following command `cordova config set ` to set the value of autosave or fetch to true or false. --- End diff -- to set the value of `autosave` or `fetch` to `true` or `false`. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-docs pull request #699: cordova7_post : cordova7 release post
Github user kerrishotts commented on a diff in the pull request: https://github.com/apache/cordova-docs/pull/699#discussion_r113544594 --- Diff: www/_posts/2017-04-21-cordova-7.md --- @@ -0,0 +1,46 @@ +--- +layout: post +author: +name: Audrey So +url: https://twitter.com/aud_rey_so +title: "Apache Cordova 7.0.0" +categories: news +tags: news releases +--- + +We are happy to announce that `Apache Cordova 7.0.0` has been released! + +Most notable changes include: +* If a `package.json` does not exist in your project, it will be auto-created for you when `cordova prepare` is called. +* When adding a platform or plugin, it will automatically save that platform or plugin to your `config.xml` and `package.json`. Details about platform and plugin versions are also automatically saved in `config.xml` and `package.json`. The `--save` flag is no longer required to save. Use `--nosave` to prevent saving to `config.xml` or `package.json`. +* Fetch is now the default setting for fetching platforms. Fetch uses your system `npm` to `npm install` modules into your project. The `--fetch` flag is no longer required. Use the `--nofetch` flag to use the older cordova fetching method (pre `cordova@7`) and prevent using `npm install` to do the fetching. --- End diff -- Also: if leaving Cordova in, it needs capitalized. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-docs pull request #699: cordova7_post : cordova7 release post
Github user kerrishotts commented on a diff in the pull request: https://github.com/apache/cordova-docs/pull/699#discussion_r113544467 --- Diff: www/_posts/2017-04-21-cordova-7.md --- @@ -0,0 +1,46 @@ +--- +layout: post +author: +name: Audrey So +url: https://twitter.com/aud_rey_so +title: "Apache Cordova 7.0.0" +categories: news +tags: news releases +--- + +We are happy to announce that `Apache Cordova 7.0.0` has been released! + +Most notable changes include: +* If a `package.json` does not exist in your project, it will be auto-created for you when `cordova prepare` is called. +* When adding a platform or plugin, it will automatically save that platform or plugin to your `config.xml` and `package.json`. Details about platform and plugin versions are also automatically saved in `config.xml` and `package.json`. The `--save` flag is no longer required to save. Use `--nosave` to prevent saving to `config.xml` or `package.json`. +* Fetch is now the default setting for fetching platforms. Fetch uses your system `npm` to `npm install` modules into your project. The `--fetch` flag is no longer required. Use the `--nofetch` flag to use the older cordova fetching method (pre `cordova@7`) and prevent using `npm install` to do the fetching. --- End diff -- Perhaps: use the `--nofetch` flag to revert to pre-7.0 behavior (`npm install` is _not_ used to fetch modules) --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-ios issue #302: CB-11895: openURL: is deprecated on iOS 10
Github user kerrishotts commented on the issue: https://github.com/apache/cordova-ios/pull/302 @shazron: thanks for the catch; fixed up now. Waiting on CI. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-ios pull request #302: CB-11895: openURL: is deprecated on iOS 10
Github user kerrishotts commented on a diff in the pull request: https://github.com/apache/cordova-ios/pull/302#discussion_r111295873 --- Diff: CordovaLib/Classes/Private/Plugins/CDVIntentAndNavigationFilter/CDVIntentAndNavigationFilter.m --- @@ -115,11 +115,18 @@ + (BOOL)shouldOverrideLoadWithRequest:(NSURLRequest*)request navigationType:(UIW case CDVIntentAndNavigationFilterValueNavigationAllowed: return YES; case CDVIntentAndNavigationFilterValueIntentAllowed: -// only allow-intent if it's a UIWebViewNavigationTypeLinkClicked (anchor tag) OR -// it's a UIWebViewNavigationTypeOther, and it's an internal link -if ([[self class] shouldOpenURLRequest:request navigationType:navigationType]){ --- End diff -- Whoops; trigger-happy `dd`, apparently. Fixing up. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-ios pull request #302: CB-11895: openURL: is deprecated on iOS 10
GitHub user kerrishotts opened a pull request: https://github.com/apache/cordova-ios/pull/302 CB-11895: openURL: is deprecated on iOS 10 ### Platforms affected - iOS ### What does this PR do? Addresses deprecation of openURL: in iOS 10 by using openURL:options:completionHandler: instead. ### What testing has been done on this change? - CI Testing OK - Tested in sim on 10.3 and 9.3 & verified appropriate methods were called ### Checklist - [X] [Reported an issue](http://cordova.apache.org/contribute/issues.html) in the JIRA database - [X] Commit message follows the format: "CB-3232: (android) Fix bug with resolving file paths", where CB- is the JIRA ID & "android" is the platform affected. - [X] Added automated test coverage as appropriate for this change. - not applicable to this change You can merge this pull request into a Git repository by running: $ git pull https://github.com/kerrishotts/cordova-ios CB-11895 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/cordova-ios/pull/302.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #302 commit 7e9a22efcdcd085b68970dca61156e6995586e25 Author: Kerri Shotts Date: 2017-04-12T21:02:57Z CB-11895: openURL: is deprecated on iOS 10 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
Re: [DRAFT][REPORT] Cordova - March 2017
+1 Sent from my phone. ___ Kerri Shotts > On Mar 13, 2017, at 19:43, Shazron wrote: > > I will send this out later tonight/early tomorrow if there are no comments: > > https://github.com/cordova/apache-board-reports/blob/master/2017/2017-03.md - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-ios issue #295: CB-12309: Missing CLI help for --developmentTeam
Github user kerrishotts commented on the issue: https://github.com/apache/cordova-ios/pull/295 No problem; I'll take care of it tomorrow. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-ios pull request #295: CB-12309: Missing CLI help for --developmentT...
GitHub user kerrishotts opened a pull request: https://github.com/apache/cordova-ios/pull/295 CB-12309: Missing CLI help for --developmentTeam ### Platforms affected iOS ### What does this PR do? Adds `--developmentTeam` to build help. ### What testing has been done on this change? Automated & manual testing ### Checklist - [X] [Reported an issue](http://cordova.apache.org/contribute/issues.html) in the JIRA database - [X] Commit message follows the format: "CB-3232: (android) Fix bug with resolving file paths", where CB- is the JIRA ID & "android" is the platform affected. - [X] Added automated test coverage as appropriate for this change. - No additional tests needed You can merge this pull request into a Git repository by running: $ git pull https://github.com/kerrishotts/cordova-ios CB-12309 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/cordova-ios/pull/295.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #295 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-plugin-dialogs issue #92: added support for destructive Button on iO...
Github user kerrishotts commented on the issue: https://github.com/apache/cordova-plugin-dialogs/pull/92 Please review the [Cordova Contributor Guidelines](https://cordova.apache.org/contribute/contribute_guidelines.html), file a Jira issue and update this PR appropriately. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-ios issue #277: CB-11243: Fix target-device and deployment-target pr...
Github user kerrishotts commented on the issue: https://github.com/apache/cordova-ios/pull/277 @shazron @zetura I was able to run a couple apps (both cordova-ios@4.3.1) at iPhone resolutions on an iPad simulator just now, with and without launch storyboards. @zetura, it might help to see the screenshots from Apple to see what they saw, if can share them (redact as necessary). --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-docs pull request #684: CB-12502: (ios) Document minimum iOS version...
GitHub user kerrishotts opened a pull request: https://github.com/apache/cordova-docs/pull/684 CB-12502: (ios) Document minimum iOS version support / Xcode requirements ### Platforms affected iOS Docs ### What does this PR do? - Refresh Xcode screenshots - Document minimum Xcode requirement and OS X version. - Document opening Xcode from terminal - Use xcworkspace instead of xcodeproj ### What testing has been done on this change? Viewed document locally ### Checklist - [X] [Reported an issue](http://cordova.apache.org/contribute/issues.html) in the JIRA database - [X] Commit message follows the format: "CB-3232: (android) Fix bug with resolving file paths", where CB- is the JIRA ID & "android" is the platform affected. - [X] Added automated test coverage as appropriate for this change. - N/A You can merge this pull request into a Git repository by running: $ git pull https://github.com/kerrishotts/cordova-docs CB-12502 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/cordova-docs/pull/684.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #684 commit 3a03297ea23874ef8ec5a33cca2200becb50ce1e Author: Kerri Shotts Date: 2017-02-24T19:35:48Z CB-12502: Refresh Xcode screenshots Document minimum Xcode requirement and OS X version. Document opening Xcode from terminal Use xcworkspace instead of xcodeproj --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-docs issue #683: 2017-02-01 committership blog post
Github user kerrishotts commented on the issue: https://github.com/apache/cordova-docs/pull/683 Love, love, love! :-) --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-docs issue #677: CB-12358: added tools release blog post
Github user kerrishotts commented on the issue: https://github.com/apache/cordova-docs/pull/677 LGTM --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-ios pull request #286: CB-12287: Remove hardcoded simulator build de...
GitHub user kerrishotts opened a pull request: https://github.com/apache/cordova-ios/pull/286 CB-12287: Remove hardcoded simulator build destination ### Platforms affected iOS 4.3.1 and below ### What does this PR do? In `cordova-ios@4.3.1` and below, the Xcode build destination when building for a simulator is hardcoded as "iPhone 5s". This works as long as the user has an iPhone 5s simulator installed, but if they remove it, the build process breaks. This PR follows the same logic as `cordova emulate ios` in choosing a default destination, but also respects `--target` if specified. For example: ``` $ cordova emulate ios # will currently select iPhone SE simulator to build against and emulate $ cordova emulate ios --target="iPhone-7-Plus" # will build against and emulate on the iPhone 7+ ``` If there are no simulators available, the behavior is undefined, but Xcode wouldn't be able to build either. ### What testing has been done on this change? Manual tests and `npm test` ### Checklist - [X] [Reported an issue](http://cordova.apache.org/contribute/issues.html) in the JIRA database - [X] Commit message follows the format: "CB-3232: (android) Fix bug with resolving file paths", where CB- is the JIRA ID & "android" is the platform affected. - [X] Added automated test coverage as appropriate for this change. - Note: a couple of tests were modified so that they could pass, but they don't actually test this issue. Tests covering the inner logic will come in a separate PR You can merge this pull request into a Git repository by running: $ git pull https://github.com/kerrishotts/cordova-ios CB-12287 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/cordova-ios/pull/286.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #286 commit 3c0ba16324c0892beec1fd4c741714836cd2 Author: Kerri Shotts Date: 2017-01-10T05:29:00Z CB-12287: Remove hardcoded simulator build destination --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-plugin-wkwebview-engine issue #26: Allow XHR to file:// and allow lo...
Github user kerrishotts commented on the issue: https://github.com/apache/cordova-plugin-wkwebview-engine/pull/26 @rubenstolk: First, thanks for the contribution! However, in this instance, I agree with @shazron; the fix may work, but due to the unsupported and undocumented nature of this, it puts all apps built with this engine at far too much risk (both for rejection and future failure). This isn't "giving up", but when Apple says 'don't do it that way', we have to figure something else out. You might try [this](https://github.com/apache/cordova-plugins/tree/master/wkwebview-engine-localhost), which might help in your case. Of course, the community is free to fork the repository and add the code themselves. If the suggestion above doesn't work, that would be my next suggestion, but of course, that doesn't mean you might not get a rejection from Apple when submitting to the store. For Enterprise stuff that wouldn't matter, but the app might stop working in the future should Apple change how that setting works. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-ios issue #281: Hard link instead of soft linking
Github user kerrishotts commented on the issue: https://github.com/apache/cordova-ios/pull/281 Can you update the title so that it includes the issue number with the following form: issue#: description That way the issue tracker will get all the updates here automatically. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
Re: [DISCUSS] Split cordova-lib modules into their own repos
A huge +1 from me! Sent from my phone. > On Nov 22, 2016, at 19:30, Steven Gill wrote: > > Right now, cordova-lib git repo [1] has cordova-serve, cordova-common, > cordova-fetch & cordova-lib modules. This is an anti-pattern in node. You > can't install any of those modules via gitURL since they are all > subdirectories. > > I propose to split these modules into their own git repos. Thoughts? > > [1] https://github.com/apache/cordova-lib > [2] https://issues.apache.org/jira/browse/CB-11980 - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-ios issue #280: CB-12155: Create automated tests for launch storyboa...
Github user kerrishotts commented on the issue: https://github.com/apache/cordova-ios/pull/280 Let there be tests... :-) --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-ios issue #280: CB-12155: Create automated tests for launch storyboa...
Github user kerrishotts commented on the issue: https://github.com/apache/cordova-ios/pull/280 @shazron: Thanks -- I noticed that. I've got a patch for it in CB-12084 which I'm going to pull in first, which should clear up the existing issues. Then I need add a couple more tests for the changes in CB-12084. Once done, this should be good-to-go for 4.3.1 assuming nothing else crops up. ;-) --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-ios pull request #280: CB-12155: Create automated tests for launch s...
GitHub user kerrishotts opened a pull request: https://github.com/apache/cordova-ios/pull/280 CB-12155: Create automated tests for launch storyboard feature ### Platforms affected - iOS ### What does this PR do? Tests the launch storyboard feature introduced by CB-9762. ### What testing has been done on this change? Tests have been tested with `npm run unit-tests` ### Checklist - [X] [Reported an issue](http://cordova.apache.org/contribute/issues.html) in the JIRA database - [X] Commit message follows the format: "CB-3232: (android) Fix bug with resolving file paths", where CB- is the JIRA ID & "android" is the platform affected. - [X] Added automated test coverage as appropriate for this change. - Note: some tests are marked as [PENDING]; need to pull CB-12084 in before those can be finished You can merge this pull request into a Git repository by running: $ git pull https://github.com/kerrishotts/cordova-ios CB-12155 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/cordova-ios/pull/280.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #280 commit 222a76265bf28ac3a393b2c5ee1045a2669864eb Author: Kerri Shotts Date: 2016-11-18T21:43:40Z CB-12155: Let there be storyboard tests --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-ios issue #279: CB-12084: Update project build settings & plist
Github user kerrishotts commented on the issue: https://github.com/apache/cordova-ios/pull/279 Let there be /more/ tests! --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-ios issue #279: CB-12084: Update project build settings & plist
Github user kerrishotts commented on the issue: https://github.com/apache/cordova-ios/pull/279 let there be tests! --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-ios pull request #279: CB-12084: Update project build settings & pli...
GitHub user kerrishotts opened a pull request: https://github.com/apache/cordova-ios/pull/279 CB-12084: Update project build settings & plist ### Platforms affected - iOS ### What does this PR do? Addresses the bug discovered in CB-12084 where cleaning would corrupt the Xcode project. Also addresses the particular use case where the user was eliminating legacy launch images from the Xcode project -- this code will now take care of that automatically. Here's the logic: - If the user only specifies images for the storyboard, then the Xcode project should not attempt to use an asset catalog for launch images as well. This PR will remove that particular build property from the project (`ASSETCATALOG_COMPILER_LAUNCHIMAGE_NAME`) - If the user specifies both storyboard images and legacy launch images, then nothing changes; build settings will continue to have `ASSETCATALOG_COMPILER_LAUNCHIMAGE_NAME` set to `LaunchImage`. - If the user specifies ONLY legacy launch images, `ASSETCATALOG_COMPILER_LAUNCHIMAGE_NAME` is set to `LaunchImage`; this ensures that if the user has gone back to legacy images after having tried the storyboard images that the Xcode project still works as expected. ### What testing has been done on this change? - Manual testing in each of the above scenarios - `npm test` completed successfully with no errors (but it would as no tests currently trigger any of the above behavior) - Travis CI is green. ### Checklist - [X] [Reported an issue](http://cordova.apache.org/contribute/issues.html) in the JIRA database - [X] Commit message follows the format: "CB-3232: (android) Fix bug with resolving file paths", where CB- is the JIRA ID & "android" is the platform affected. - [X] Added automated test coverage as appropriate for this change. - Note that automated test coverage is coming in a separate PR since that test coverage will test the feature as a whole (not just this change). You can merge this pull request into a Git repository by running: $ git pull https://github.com/kerrishotts/cordova-ios CB-12084 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/cordova-ios/pull/279.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #279 commit 7b8d7c3ef4bb6ce9c38adef61f3632e4ba6a8f32 Author: Kerri Shotts Date: 2016-11-16T05:15:16Z CB-12084: Update project build settings & plist If no legacy images are provided, we should remove the launch image asset compiler setting. If legacy images are present, we should make sure it is present. We also need to make sure to properly delete launch storyboard rather than setting to undefined. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-ios issue #276: CB-12130 - Launch storyboard images are not updated ...
Github user kerrishotts commented on the issue: https://github.com/apache/cordova-ios/pull/276 Pulled in; thanks for your contribution! --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-ios issue #276: CB-12130 - Launch storyboard images are not updated ...
Github user kerrishotts commented on the issue: https://github.com/apache/cordova-ios/pull/276 Awesome; thanks! :-) --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-ios issue #276: CB-12130 - Launch storyboard images are not updated ...
Github user kerrishotts commented on the issue: https://github.com/apache/cordova-ios/pull/276 @NielsLeenheer -- would you mind squashing these commits down to a single commit? I'd like to pull this in. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-docs issue #660: Announcement for Cordova Android 6.0 and Cordova An...
Github user kerrishotts commented on the issue: https://github.com/apache/cordova-docs/pull/660 LGTM --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
Re: [DISCUSS] Tools release!
LGTM Sent from my phone. ___ Kerri Shotts - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-docs issue #655: CB-12054 - Cordova iOS 4.3.0 release announcement
Github user kerrishotts commented on the issue: https://github.com/apache/cordova-docs/pull/655 LGTM :) --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-docs issue #646: CB-11946 - Blog post for Node 0.x and 4.x deprecati...
Github user kerrishotts commented on the issue: https://github.com/apache/cordova-docs/pull/646 +1 LGTM :-) --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-plugin-splashscreen pull request #114: CB-11829: (iOS) Support for C...
Github user kerrishotts commented on a diff in the pull request: https://github.com/apache/cordova-plugin-splashscreen/pull/114#discussion_r81187425 --- Diff: README.md --- @@ -51,6 +51,206 @@ Report issues with this plugin on the [Apache Cordova issue tracker][Apache Cord __Note__: Extended splashscreen does not require the plugin on Windows (as opposed to Android and iOS) in case you don't use the plugin API, i.e. programmatic hide/show. +### iOS-specific information + +There are two mechanisms for displaying a launch screen on iOS: + +1. Legacy launch images: images are sized exactly for the device's screen size. Does not support the iPad Pro 12.9's native resolution or split-screen/slide-over multitasking. + +2. Launch storyboard images: Images are sized based on scale, idiom, and size classes. Supports all devices, and can be used with split-screen/slide-over multitasking. + +Apple is moving away from legacy launch images. There is no official support for providing a native-resolution launch image for the iPad pro 12.9 or for providing launch images that work with split-screen multitasking or slide-over. If your app doesn't need to support these contexts, then you can continue to use legacy launch images for as long as you like. --- End diff -- fixed; thanks for catching it! :-) --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-plugin-splashscreen pull request #114: CB-11829: (iOS) Support for C...
Github user kerrishotts commented on a diff in the pull request: https://github.com/apache/cordova-plugin-splashscreen/pull/114#discussion_r81187431 --- Diff: README.md --- @@ -51,6 +51,206 @@ Report issues with this plugin on the [Apache Cordova issue tracker][Apache Cord __Note__: Extended splashscreen does not require the plugin on Windows (as opposed to Android and iOS) in case you don't use the plugin API, i.e. programmatic hide/show. +### iOS-specific information + +There are two mechanisms for displaying a launch screen on iOS: + +1. Legacy launch images: images are sized exactly for the device's screen size. Does not support the iPad Pro 12.9's native resolution or split-screen/slide-over multitasking. + +2. Launch storyboard images: Images are sized based on scale, idiom, and size classes. Supports all devices, and can be used with split-screen/slide-over multitasking. + +Apple is moving away from legacy launch images. There is no official support for providing a native-resolution launch image for the iPad pro 12.9 or for providing launch images that work with split-screen multitasking or slide-over. If your app doesn't need to support these contexts, then you can continue to use legacy launch images for as long as you like. + +The preferred method of providing launch images is to use a launch storyboard. For native app developers, the ideal launch storyboard is an unpopulated version of the app's user interface at launch. For non-native app developers who don't wish to learn interface builder, however, this plugin simulates the legacy launch image method as much as is feasible. --- End diff -- fixed; thanks for catching it! :-) --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-ios pull request #260: CB-10078 fixed by refreshing cached userAgent...
GitHub user kerrishotts opened a pull request: https://github.com/apache/cordova-ios/pull/260 CB-10078 fixed by refreshing cached userAgent on version bump Adds app version to the list of items that invalidates the cached user agent. You can merge this pull request into a Git repository by running: $ git pull https://github.com/kerrishotts/cordova-ios CB-10078 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/cordova-ios/pull/260.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #260 commit 35df991ea4be247b7c04d7837e2f2e4d7509b91c Author: Kerri Shotts Date: 2016-09-28T21:34:38Z CB-10078 fixed by refreshing cached userAgent on version bump --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-plugin-splashscreen pull request #114: CB-11829: (iOS) Support for C...
GitHub user kerrishotts opened a pull request: https://github.com/apache/cordova-plugin-splashscreen/pull/114 CB-11829: (iOS) Support for CB-9762; docs (CB-11830) ### Platforms affected * iOS ### What does this PR do? Supports launch storyboards as describe in CB-9762. Add documentation for the feature (no other great place to put it) ### What testing has been done on this change? * Manual testing on devices ### Checklist - [X] [ICLA](http://www.apache.org/licenses/icla.txt) has been signed and submitted to secret...@apache.org. - [X] [Reported an issue](http://cordova.apache.org/contribute/issues.html) in the JIRA database - [X] Commit message follows the format: "CB-3232: (android) Fix bug with resolving file paths", where CB- is the JIRA ID & "android" is the platform affected. - [X] Added automated test coverage as appropriate for this change. - No automated testing added; appearance has to be verified manually. You can merge this pull request into a Git repository by running: $ git pull https://github.com/kerrishotts/cordova-plugin-splashscreen CB-11829 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/cordova-plugin-splashscreen/pull/114.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #114 commit f8895acb741b201a9e1110ead875988b23b95a4c Author: Kerri Shotts Date: 2016-09-22T20:17:33Z CB-11829: (iOS) Support for CB-9762; docs (CB-11830) --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-ios issue #250: CB-9762 (iOS) Add launch storyboard support
Github user kerrishotts commented on the issue: https://github.com/apache/cordova-ios/pull/250 @shazron: Thanks! Removed my last commit and waiting on CI results -- should all be green now with #258. :-) --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-plugin-statusbar issue #62: CB:-9161 Support iPad multitasking in iO...
Github user kerrishotts commented on the issue: https://github.com/apache/cordova-plugin-statusbar/pull/62 Okay; tapping the status bar works now on my iPad Pro (iOS10b8 and GM). --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-plugin-statusbar issue #62: CB:-9161 Support iPad multitasking in iO...
Github user kerrishotts commented on the issue: https://github.com/apache/cordova-plugin-statusbar/pull/62 I'm planning on testing this later today after the Apple event. :-) --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-ios pull request #250: CB-9762 (iOS) Add launch storyboard support
GitHub user kerrishotts opened a pull request: https://github.com/apache/cordova-ios/pull/250 CB-9762 (iOS) Add launch storyboard support - [X] Signed ICLA - [X] Jira Issue: [CB-9762](https://issues.apache.org/jira/browse/CB-9762) - [X] Tests: - [X] Automated (npm test; all passing) Note: no automated tests for this functionality, though - [X] Manual (with and without launch storyboard images): - iPhone 6s (iOS 10b8) - iPad Pro (iOS 10b8) Note: The splashscreen plugin will require updating to use the new images; but I think that should be a separate (but related) issue. I don't think it will be difficult to add though (crossing my fingers)! Note: Documentation will need to be updated to reflect the changes in this PR Note: No default splash images are provided; they would be overwritten anyway upon adding the platform. I've added the images I used below: ![default 2x universal anyany](https://cloud.githubusercontent.com/assets/164498/18167642/545814e8-7017-11e6-8b55-8f24e412ca70.png) ![default 2x universal comany](https://cloud.githubusercontent.com/assets/164498/18167643/547aa1ac-7017-11e6-8334-86598ed1afd3.png) ![default 2x universal comcom](https://cloud.githubusercontent.com/assets/164498/18167644/547b1dda-7017-11e6-888b-ada91b8572a1.png) ![default 3x universal anycom](https://cloud.githubusercontent.com/assets/164498/18167645/547e5bbc-7017-11e6-9665-dff978bff0aa.png) ![default 3x universal comany](https://cloud.githubusercontent.com/assets/164498/18167646/54828070-7017-11e6-9bce-63de89bfd406.png) You can merge this pull request into a Git repository by running: $ git pull https://github.com/kerrishotts/cordova-ios CB-9762 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/cordova-ios/pull/250.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #250 commit 12eb374e93987a260dce57b5be1acbe1279a61e1 Author: Kerri Shotts Date: 2016-08-24T22:49:20Z CB-9762 Add launch storyboard support NB: No default splash images are provided; they would be overwritten anyway upon adding the platform. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-plugin-statusbar pull request #62: CB:-9161 Support iPad multitaskin...
Github user kerrishotts commented on a diff in the pull request: https://github.com/apache/cordova-plugin-statusbar/pull/62#discussion_r77159431 --- Diff: src/ios/CDVStatusBar.m --- @@ -132,13 +132,15 @@ - (void)pluginInitialize // blank scroll view to intercept status bar taps self.webView.scrollView.scrollsToTop = NO; -UIScrollView *fakeScrollView = [[UIScrollView alloc] initWithFrame:UIScreen.mainScreen.bounds]; + +CGRect bounds = [self.viewController.view.window bounds]; --- End diff -- @jonathanli2: When testing this, I get a (0,0)x(0,0) frame: (CGRect) bounds = (origin = (x = 0, y = 0), size = (width = 0, height = 0)) ... which means I can't tap the status bar. I'm testing on iOS 10b8, iPhone 6s and iPad Pro (with and without a launch storyboard). Could you share a test project that worked for you so I can see what (if any) differences there are that might cause this? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
[GitHub] cordova-plugin-file pull request: [CB- 7057] Improve File API docu...
GitHub user kerrishotts opened a pull request: https://github.com/apache/cordova-plugin-file/pull/59 [CB- 7057] Improve File API documentation, especially wrt to cordova.file.* properties As discussed on the google groups, the documentation for the `cordova.file.*` properties is unclear (see post: https://groups.google.com/forum/#!topic/phonegap/W1ZR6WG5XwM). Revised documentation to make it clearer, and also added a table indicating how the properties relate to the file system and the various properties on each path (read-write, private, etc.) Bug # is CB-7057. You can merge this pull request into a Git repository by running: $ git pull https://github.com/kerrishotts/cordova-plugin-file CB-7057 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/cordova-plugin-file/pull/59.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #59 commit da486e42ec3d5908f8013f9f2a6c42e7aca0a7f5 Author: Kerri Shotts Date: 2014-07-01T01:06:37Z Reworded description Added note that under iOS this directory is read-only (one must use a subdirectory like /Documents). Also indicated that the contents within the folder are private. commit 2575d9e714f020954fa251d733a6415a2f2f1f76 Author: Kerri Shotts Date: 2014-07-01T01:07:31Z Reworded description Reworded to make it clear that the data is persistent and private and within internal memory. Also added additional options for Android if external memory is needed and indicated that this directory is not synced. commit d6b44960f640f9d2326968f5fd2795d40543d825 Author: Kerri Shotts Date: 2014-07-01T01:09:05Z Reworded description Based on email from @jcesarmobile in dev group (titled More questions on FileSystem directories) commit 3bda96d6939f2b69380573ffbec7b958af0fce8a Author: Kerri Shotts Date: 2014-07-01T01:09:42Z Reformatted as list commit bdc14902bfc22fc86b1f790dbc8297598868c87f Author: Kerri Shotts Date: 2014-07-01T01:09:58Z Added note not to rely on OS clearing commit 9ea0c3cc74fdce67d42dbbe6c2d2022ea508483b Author: Kerri Shotts Date: 2014-07-01T01:11:03Z Added file system layout information This is useful information, especially for native developers who may already be familiar with the file system, but also useful for marking which directories are writeable, which ones are private/public and which ones sync, etc. commit 2a0f0884d063171a8099c35022ea579398c06482 Author: Kerri Shotts Date: 2014-07-01T01:12:09Z Formatting commit 80b172361ba71c318041d29ecf917ce8b8bc8708 Author: Kerri Shotts Date: 2014-07-01T01:12:32Z Promoted heading To match Android/iOS quirk headings commit 1175156cecf7f5e581fa653451e0a03b737593cf Author: Kerri Shotts Date: 2014-07-01T01:12:41Z Converted to table commit 67f929bfba49e321c91eb4abd157f1a20ee0776a Author: Kerri Shotts Date: 2014-07-01T01:12:59Z Added quirk Noted that `applicationStorageDirectory` is read-only. commit f1e18ebba1193031beb8b81f12b3a7bd59d21abd Author: Kerri Shotts Date: 2014-07-01T01:13:10Z formatting --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---