cordova-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From agri...@apache.org
Subject cordova-plugins git commit: Add notes about data: within url-policy plugin
Date Tue, 03 Mar 2015 02:29:56 GMT
Repository: cordova-plugins
Updated Branches:
  refs/heads/master e5ed4cd27 -> 9e6a77805


Add notes about data: within url-policy plugin


Project: http://git-wip-us.apache.org/repos/asf/cordova-plugins/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-plugins/commit/9e6a7780
Tree: http://git-wip-us.apache.org/repos/asf/cordova-plugins/tree/9e6a7780
Diff: http://git-wip-us.apache.org/repos/asf/cordova-plugins/diff/9e6a7780

Branch: refs/heads/master
Commit: 9e6a778053e2e79fa3a9d9f58dc4456cc9e59a41
Parents: e5ed4cd
Author: Andrew Grieve <agrieve@chromium.org>
Authored: Mon Mar 2 21:29:40 2015 -0500
Committer: Andrew Grieve <agrieve@chromium.org>
Committed: Mon Mar 2 21:29:40 2015 -0500

----------------------------------------------------------------------
 url-policy/README.md                        | 6 +++++-
 url-policy/src/android/UrlPolicyPlugin.java | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-plugins/blob/9e6a7780/url-policy/README.md
----------------------------------------------------------------------
diff --git a/url-policy/README.md b/url-policy/README.md
index 866271a..b5db680 100644
--- a/url-policy/README.md
+++ b/url-policy/README.md
@@ -23,9 +23,10 @@ other schemes, you must add `<allow-navigation>` tags to your `config.xml`:
          *NOT RECOMMENDED* -->
     <allow-navigation href="*" />
 
-    <!-- The above is equivalent to these two declarations -->
+    <!-- The above is equivalent to these three declarations -->
     <allow-navigation href="http://*/*" />
     <allow-navigation href="https://*/*" />
+    <allow-navigation href="data:*" />
 
 ## Intent Whitelist
 Controls which URLs the app is allowed to ask the system to open.
@@ -98,3 +99,6 @@ Here are some example CSP declarations for your `.html` pages:
     <!-- Allow XHRs via https only -->
     <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:"/>
 
+    <!-- Allow data: URLs within iframes -->
+    <!-- Note: You would also need an <allow-navigation href="data:*" /> in your
config.xml -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src
'self' data:"/>

http://git-wip-us.apache.org/repos/asf/cordova-plugins/blob/9e6a7780/url-policy/src/android/UrlPolicyPlugin.java
----------------------------------------------------------------------
diff --git a/url-policy/src/android/UrlPolicyPlugin.java b/url-policy/src/android/UrlPolicyPlugin.java
index 8b29f79..6715224 100644
--- a/url-policy/src/android/UrlPolicyPlugin.java
+++ b/url-policy/src/android/UrlPolicyPlugin.java
@@ -76,6 +76,7 @@ public class UrlPolicyPlugin extends CordovaPlugin {
                 if ("*".equals(origin)) {
                     allowedNavigations.addWhiteListEntry("http://*/*", false);
                     allowedNavigations.addWhiteListEntry("https://*/*", false);
+                    allowedNavigations.addWhiteListEntry("data:*", false);
                 } else {
                     allowedNavigations.addWhiteListEntry(origin, false);
                 }


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org


Mime
View raw message