cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Grieve <agri...@chromium.org>
Subject Re: Whitelist in Cordova 3.0
Date Wed, 17 Jul 2013 17:50:51 GMT
Left a bunch of comments, which I think you've now all addressed.

It is too late for 3.0, So we'll have to just put this in 3.1 and document
3.0 has having different white-lists per-platform (maybe just recommend not
using the whitelist until 3.1?).


On Wed, Jul 17, 2013 at 12:38 PM, Ian Clelland <iclelland@google.com> wrote:

> I see filetransfer.spec.5 consistently failing when I run with the 3.0.x
> branch, with all plugins up to date.
>
> I believe that it is trying to transfer a file from
> http://cordova_user:cordova_password@cordova-filetransfer.jitsu.com, but
> the hostname is not passing the whitelist.
>
> I get the log message:
>
> W/FileTransfer(3456): Source URL is not in white list: '
>
> http://cordova_user:cordova_password@cordova-filetransfer.jitsu.com/download_basic_auth
> '
>
> The new whitelist implementation fixes this, but isn't going in to 3.0.
>
> Ian
>
> On Wed, Jul 17, 2013 at 10:46 AM, Joe Bowser <bowserj@gmail.com> wrote:
>
> > Which failing test?
> >
> > On Wed, Jul 17, 2013 at 6:26 AM, Ian Clelland <iclelland@chromium.org>
> > wrote:
> > > I haven't received any comments on the new Android whitelist
> > > implementation; it is working for me, passing all of the tests that I
> > have
> > > thrown at it.
> > >
> > > There is an equivalent iOS version available at
> > > https://reviews.apache.org/r/12668/
> > >
> > > This also resolves CB-4132, wherein filetransfer.spec.5 is failing on
> > > android due to user:pass@domain urls not being validated correctly.
> > >
> > > It's almost certainly too late to rip out the whitelist and replace it
> > for
> > > 3.0; I suppose that the one failing test will have to be okay.
> > >
> > > Should we look at getting this in to 3.1? Now that the release branches
> > are
> > > cut, I can add this to master and expand the testing pool for it.
> > >
> > > Ian
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message