cordova-commits mailing list archives

From ste...@apache.org
Subject [3/4] cordova-plugin-whitelist git commit: add note about redirects
Date Fri, 15 Apr 2016 20:50:02 GMT
add note about redirects


Project: http://git-wip-us.apache.org/repos/asf/cordova-plugin-whitelist/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-plugin-whitelist/commit/0c3b591c
Tree: http://git-wip-us.apache.org/repos/asf/cordova-plugin-whitelist/tree/0c3b591c
Diff: http://git-wip-us.apache.org/repos/asf/cordova-plugin-whitelist/diff/0c3b591c

Branch: refs/heads/1.2.x
Commit: 0c3b591ce8ee0d0100af4b151ae43e0eabfed7a1
Parents: acee686
Author: Carlos Santana <csantana23@gmail.com>
Authored: Sun Feb 21 11:39:46 2016 -0800
Committer: Carlos Santana <csantana23@gmail.com>
Committed: Sun Feb 21 11:39:46 2016 -0800

----------------------------------------------------------------------
 README.md | 3 +++
 1 file changed, 3 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-plugin-whitelist/blob/0c3b591c/README.md
----------------------------------------------------------------------
diff --git a/README.md b/README.md
index e846991..45d4d14 100644
--- a/README.md
+++ b/README.md
@@ -112,6 +112,9 @@ In `config.xml`, add `<access>` tags, like this:
 
 Without any `<access>` tags, only requests to `file://` URLs are allowed. However,
the default Cordova application includes `<access origin="*">` by default.
 
+
+Note: Whitelist cannot block network redirects from a whitelisted remote website (i.e. http
or https) to a non-whitelisted website. Use CSP rules to mitigate redirects to non-whitelisted
websites for webviews that support CSP.
+
 Quirk: Android also allows requests to https://ssl.gstatic.com/accessibility/javascript/android/
by default, since this is required for TalkBack to function properly.
 
 ### Content Security Policy
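
Review bot: The added note says "Use CSP rules to mitigate redirects" but does not say which rules or where to find them. The `### Content Security Policy` section starts a few lines below, so point to it from the note (for example "see Content Security Policy below") to make the mitigation actionable. "Whitelist cannot block" is also ambiguous about which whitelist is meant; in this section, naming it as the `<access>` whitelist would make the scope clear. The closing qualifier "for webviews that support CSP" leaves readers on other webviews with no guidance, so state plainly that redirects are not restricted there. Minor: the first added line is an empty `+` directly after an existing blank context line, which leaves two consecutive blank lines before the note; drop it.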

