This is a crucial feature for development tools, and a valid production use case.
1. This is NOT breaking TOS with Apple, unless the developer decides to significantly change their app, which is bad practice anyway. 2. Care should be taken in what you deliver to your app, this is not cordova's concern. 3. Apps should provide 'some' offline experience, and not show a 404 of course, but that is up to the developer. 4. Yes, developers should be aware of this. 5. This is not 'repacking a website' you are missing the point, this is: 'making a purpose built web-app that you can make minor tweaks to without having to submit to app stores repeatedly, and to do some heavy lifting on the server.' Some notable apps that are examples of this: Amazon, Walmart, Apple Music, Apple App Store, ... On Tue, Oct 22, 2019 at 9:05 AM julio cesar sanchez <jcesarmob...@gmail.com> wrote: > The content tag is also used for pointing to local development servers and > benefit from live reloading, so how do you plan to deprecate it only for > remote urls? > > El mar., 22 oct. 2019 a las 17:46, Norman Breau (<nor...@normanbreau.com>) > escribió: > > > This is an extension of the issue I raised for adding warnings to the > > documentation which can be found at > > https://github.com/apache/cordova-docs/issues/1022 > > > > In my opinion there are several reasons why using a remote url (such as > > https://myserver.com/) to host a cordova app is bad practice. > > > > 1. If your app uses native APIs, you're breaking the terms of service of > > the Apple and Google Play app stores. See Section 2.5.2 Software > > Requirements of apples guidelines.[1] > > > > 2. Extending onto #1, it makes the app must more easier to become > > vulnerable to exploits, because any other > > third party code loaded onto the website may have access to the cordova > > APIs. > > > > 3. Apple & Google expects your app to be able to launch and "work" > > without a data connection. If your index file is > > remote, then your app cannot load to provide the user proper feedback > > that they require an internet connection. (See section 2.1 App > > Completeness & 4.2 Minimum Functionality apple guidelines)[1]. > > > > 4. Using a remote URL generally causes a lot of CORs related issues when > > using non-standard protocols such as cdvfile:// (see > > https://github.com/apache/cordova-plugin-file/issues/352) > > > > 5. Even if your app does not use native APIs, and it's just repackaging > > a website, this goes against section 4.2 on apples policy[1]. > > > > I don't exactly know how popular using <content src="remoteurl" /> is, > > but I do see it frequent enough on reported issues. This is kind of > > frightening. > > > > So given the reasons I listed above, I think allowing remote sources in > > the <content> tag should be deprecated, and eventually removed in the > > future, of course allowing time for developers to refactor their app to > > bundle their code within the app. > > > > Sources: > > [1] https://developer.apple.com/app-store/review/guidelines/#design > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org > > For additional commands, e-mail: dev-h...@cordova.apache.org > > > > >
