Safari Mobile Sandbox allow-scripts

Question

Coopdis OP

Created Aug ’16

Replies 3

Boosts 0

Views 5.2k

Participants 4

Hi,

I'm developing an app on a esp8266 microcontroller that is controlled by a web browser... ideally Safari on my iPhone! The website is a fairly standard html/css/javascript/websockets type of thing.

For some reason I'm not able to load my javascript on Safari (or Chrome) on my iPhone??

Things work fine when viewed with Safari (or Chrome) on my MacBook.

I've boiled the problem down to the following example...

demo.html

<html>
<head>
    <title>Demo</title>
    <meta name="description" content="Test of basic Javascipt function">
    <script type="application/javascript" src="/demo.js"></script>
</head>
<body>
    DEMO<br>
    <div id="main"></div>
</body>
</html>

demo.js

var i = 0;
function update() {
    'use strict';
    document.getElementById("main").innerHTML = i;
    i = i + 1;
}
setInterval(update, 500);

When I load this from my computer, it runs fine, but when I load it on my iphone I get the following error via WebInspector...

Blocked script execution in 'http://IP_OF_WEBSERVER/demo.html'because the document's frame is sandboxed and the 'allow-scripts' permission is not set.

For the life of me, I can't figure out how to set 'allow-scripts'. I've even hacked my webserver to send...

Content-Security-Policy: default-src 'self'; sandbox 'allow-scripts' 'allow-same-origin'; script-src 'unsafe-inline' 'unsafe-eval';

Doesn't appear to help in any way. I've been banging my head against this for a couple of days now, and I could really use some help.

Thanks,

Bill

Boost

Answer 1

Lloydbraun OP

Sep ’16

Bill,

Any luck with this issue?

0

Answer 2

kennetts06 OP

Oct ’16

I at exactly the same place you are at.

BTW - got the css sheets to lod with the correct HTTP/1.1 header information.

Like you, I have NOT got any iframe, but get the same error message you are getting for Safari ios 10 only (all previous versions and browsers on computers are fine with the script.

The script is in the html and not a separate file

I'd really love some help with this too!

0

Answer 3

jpangburn OP

Aug ’22

You run into this on microcontroller based "web servers" because you're not really running a proper web server following the HTTP protocol- you're just returning your HTML content directly on the socket. Ask me how I know :-) Ran into the same problem on the Raspberry Pi Pico W.

Anyway, how do you fix this? I did the following (the client variable is the open socket you're writing back on):

html = "Your HTML code or generator goes here, along with your javascript that isn't working"
client.send("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n")
client.send(html)
client.close()

That's about the bare minimum you need to pretend to be following the HTTP protocol. Then Safari won't put your webpage in its sandbox.

0