cordova-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From csantan...@apache.org
Subject cordova-plugin-whitelist git commit: add note about redirects
Date Sun, 21 Feb 2016 19:58:50 GMT
Repository: cordova-plugin-whitelist
Updated Branches:
  refs/heads/master acee686ab -> 0c3b591ce


add note about redirects


Project: http://git-wip-us.apache.org/repos/asf/cordova-plugin-whitelist/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-plugin-whitelist/commit/0c3b591c
Tree: http://git-wip-us.apache.org/repos/asf/cordova-plugin-whitelist/tree/0c3b591c
Diff: http://git-wip-us.apache.org/repos/asf/cordova-plugin-whitelist/diff/0c3b591c

Branch: refs/heads/master
Commit: 0c3b591ce8ee0d0100af4b151ae43e0eabfed7a1
Parents: acee686
Author: Carlos Santana <csantana23@gmail.com>
Authored: Sun Feb 21 11:39:46 2016 -0800
Committer: Carlos Santana <csantana23@gmail.com>
Committed: Sun Feb 21 11:39:46 2016 -0800

----------------------------------------------------------------------
 README.md | 3 +++
 1 file changed, 3 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-plugin-whitelist/blob/0c3b591c/README.md
----------------------------------------------------------------------
diff --git a/README.md b/README.md
index e846991..45d4d14 100644
--- a/README.md
+++ b/README.md
@@ -112,6 +112,9 @@ In `config.xml`, add `<access>` tags, like this:
 
 Without any `<access>` tags, only requests to `file://` URLs are allowed. However,
the default Cordova application includes `<access origin="*">` by default.
 
+
+Note: Whitelist cannot block network redirects from a whitelisted remote website (i.e. http
or https) to a non-whitelisted website. Use CSP rules to mitigate redirects to non-whitelisted
websites for webviews that support CSP.
+
 Quirk: Android also allows requests to https://ssl.gstatic.com/accessibility/javascript/android/
by default, since this is required for TalkBack to function properly.
 
 ### Content Security Policy


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org


Mime
View raw message