Node v6
Starting with v0.19 Astro must be used with Node v6+!
Menu

Supported Platforms

Currently, you can use Astro to build both iOS and Android applications.

For iOS, Astro supports iOS 9 and above. The Astro SDK and Astro apps are built using Xcode 9.2 and Swift 4.

For Android, Astro supports Android 4.4 and above. The Astro SDK and Astro apps are built using Android Studio 3.x.

For JavaScript, Astro supports node v6+ with npm v3+.

Cordova

Astro integrates Cordova allowing you to use existing Cordova plugins in your Astro app.

Versions

Astro currently uses the following versions of Cordova:

Platform Version
iOS Cordova v4.1.1
Android Cordova v5.1.1

Site Requirements #

Astro puts very few requirements on the website that you use with an Astro app. There is one important caveat though: Content-Security-Policy (CSP). If your site is served with a CSP header (not <meta http-equiv="Content-Security-Policy"> tag) you must make sure it is compatible with Astro.

Content Security Policy is a security standard that helps to reduce Cross-site Scripting (XSS) attacks by declaring what resources a page may load. Put simply, it tells the browser where the page may fetch resources from.

The Astro client uses a custom URL scheme (astro://) to enable communication between the hosted website and other parts of Astro. If the server serves the Content-Security-Policy header and it does not explicitly allow the Astro scheme (astro://), then Astro will not work on that page/website.

When starting a new project, make sure to check if your site is served with a Content-Security-Policy header. If so, add the Astro scheme to the child-src directive. If no child-src directive exists, be sure to separate the existing Content-Security-Policy directive from the child-src one by a semi-colon.

Eg.

< Content-Security-Policy: default-src 'self' https: data: ;script-src https: 'unsafe-inline' 'unsafe-eval' ; style-src https: 'unsafe-inline' 'unsafe-eval';
> Content-Security-Policy: default-src 'self' https: data: ;child-src astro:; script-src https: 'unsafe-inline' 'unsafe-eval' ; style-src https: 'unsafe-inline' 'unsafe-eval';