Software Archive
Read-only legacy content
17061 Discussions

[RESOLVED] XDK 3522 - Build failure - Building Cordova 6.2.0 App

Phil_P___Pete_
New Contributor I
543 Views

Build Log

  • Building a Cordova 6.2.0 application.
  • Using platform cordova-android 5.1.1.
  • The application name is "taptoreport"
  • The package name is "com.taptoreport.mobile.android"

This happens on both platforms and began last night on 5.4.1. I upgrade to 6.2.0 and also upgraded the plugins this morning. I also deleted all files from the server and tried again. No changes... and this project built fine earlier yesterday.

build_failure.png

0 Kudos
18 Replies
Phil_P___Pete_
New Contributor I
543 Views

Removed:

<allow-navigation href="tel:*" />
<allow-intent href="tel:*" />

Build proceeded successfully.

Might be looking at another bug... certainly a build log missing some fundamental details.

 

0 Kudos
PaulF_IntelCorp
Employee
543 Views

Phil -- did you remove those entries from you intelxdk.config.additions.xml file? If so, could you provide a complete copy of that file? I'd like to see what is in there, that's not the sort of thing we've recommended people include in that file. If not that file, where did you remove these lines from?

0 Kudos
Phil_P___Pete_
New Contributor I
543 Views

Paul,

We're starting close down and getting ready to update the security settings which means changing them from wide open to restricted and adding the CSP...

Since we have an href="tel:911" link that uses the dialer we added the allow-intent and allow-navigation to the ios side and the allow-intent to Android. Builds stopped with the Build Log I posted (essentially nothing). Took us a bit to figure out what the heck was going on but as soon as we removed those two lines, it went back to building.

Granted, we probably did something wrong but the UI should have caught what we were doing wrong and stopped or warned us and if not that, the build log should have had some information.

allow-intent.png

0 Kudos
PaulF_IntelCorp
Employee
543 Views

Thanks for those details, this is useful information regarding the whitelist settings. I'll inform engineering and, if we can reproduce the issue, will fix the issue in a future release. There's been some significant changes by Cordova to the whitelisting and I think our attempts to preserve compatibility for older CLI builds versus newer CLI builds as well as the old/new whitelist specs for Android may have caused this. It would be very helpful to have a copy of the <project-name>.xdk file for your project that causes this error, as a way to confirm some hunches.

I'll send you a separate private message that you can reply to if you're willing to share that information.

0 Kudos
Phil_P___Pete_
New Contributor I
543 Views

I can confirm that this kills the build.  I'm sending you two files:

1) <project-name>.xdk (this builds)

2)<project-name-with-intent-fails>.xdk (this does not build)

If this keeps up, you should start a bug bounty... ;-)

 

0 Kudos
Phil_P___Pete_
New Contributor I
543 Views

Sometimes, this just gets funny!

Your upload doesn't accept a file type of .xdk and dragging and dropping a .zip file caused the browser to lock up... after restarting the browser I used the manual method of attaching the file.  You should have it by now.

0 Kudos
PaulF_IntelCorp
Employee
543 Views

Phil -- thanks for providing those .xdk files. Sorry about the behavior of this forum, there is a larger ongoing project to update and replace it, the sooner the better. I really dislike the way these forums work. :-(

0 Kudos
Phil_P___Pete_
New Contributor I
543 Views

It's okay... I just spent two weeks tracking down, seeking help for, documenting and finding a workaround for a sqlite bug... there comes a point where hitting another bug is just funny... or, at least, all you can do is laugh! LOL

0 Kudos
PaulF_IntelCorp
Employee
543 Views

Phil -- are you putting the following into those whitelist fields in the UI:

<allow-intent href="tel:*" />

or this:

tel:*

 

0 Kudos
Phil_P___Pete_
New Contributor I
543 Views

I inserted it exactly as in comment #2 in this thread; https://software.intel.com/en-us/forums/intel-xdk/topic/681624#comment-1883131

0 Kudos
PaulF_IntelCorp
Employee
543 Views

Those fields are meant for entering just the data part of that XML field, not the entire tag. The appropriate tags will be generated by the XDK. So you should just be entering things like "tel:*" or "geo:*" (without the quotes) into the whitelist UI. I suspect the XML parser on the backend got confused by some XML embedded in XML.

0 Kudos
PaulF_IntelCorp
Employee
543 Views

I've asked for some better input validation on those fields, I'll as that it be enhanced to catch this sort of an issue.

0 Kudos
Phil_P___Pete_
New Contributor I
543 Views

If it's not allowed or will break the system, you have to catch it!

Also, I would suggest looking at the screenshot I provided.... the Labels say Intent (<allow-intent>) and Navigation (<allow-navigation>) both of which would imply that we should enter the entire tag.

0 Kudos
Phil_P___Pete_
New Contributor I
543 Views

Send a private message about some security concerns...

0 Kudos
PaulF_IntelCorp
Employee
543 Views

I can understand the confusion, and I have already requested input validation on our whitelist fields, even before this incident. We're waiting for some engineering cycles tho get them implemented. We'd love to have perfect input validation on all fields in the product, but we don't. It's an evolving process.

0 Kudos
Phil_P___Pete_
New Contributor I
543 Views

Yes, if you go down to the bottom of that article... I just realized you wrote it so now I know who to ask when I have questions... you reference using the allow-navigation but none of that says not to use the entire xml tag.

0 Kudos
PaulF_IntelCorp
Employee
543 Views

We provided the (<allow-intent>) and similar references in order to make it easier to cross-reference with the Cordova documentation.

0 Kudos
Reply