Supported Platforms

Currently, you can use Astro to build both iOS and Android applications.

For iOS, Astro supports iOS 9 and above. The Astro SDK and Astro apps are built using Xcode 11 and Swift 5.

For Android, Astro supports Android 4.4 and above. The Astro SDK and Astro apps are built using Android Studio 3.x.

For JavaScript, Astro supports node v8+ with npm v5+.


Astro integrates Cordova allowing you to use existing Cordova plugins in your Astro app.


Astro currently uses the following versions of Cordova:

Platform Version
iOS Cordova v4.1.1
Android Cordova v5.1.1

Site Requirements #

Astro puts very few requirements on the website that you use with an Astro app. There is one important caveat though: Content-Security-Policy (CSP). If your site is served with a CSP header (not <meta http-equiv="Content-Security-Policy"> tag) you must make sure it is compatible with Astro.

Content Security Policy is a security standard that helps to reduce Cross-site Scripting (XSS) attacks by declaring what resources a page may load. Put simply, it tells the browser where the page may fetch resources from.

The Astro client uses a custom URL scheme (astro://) to enable communication between the hosted website and other parts of Astro. If the server serves the Content-Security-Policy header and it does not explicitly allow the Astro scheme (astro://), then Astro will not work on that page/website.

When starting a new project, make sure to check if your site is served with a Content-Security-Policy header. If so, add the Astro scheme to the child-src directive. If no child-src directive exists, be sure to separate the existing Content-Security-Policy directive from the child-src one by a semi-colon.


< Content-Security-Policy: default-src 'self' https: data: ;script-src https: 'unsafe-inline' 'unsafe-eval' ; style-src https: 'unsafe-inline' 'unsafe-eval';
> Content-Security-Policy: default-src 'self' https: data: ;child-src astro:; script-src https: 'unsafe-inline' 'unsafe-eval' ; style-src https: 'unsafe-inline' 'unsafe-eval';