Mailing-List: contact dev-help@cordova.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@cordova.apache.org
Received-SPF: pass (athena.apache.org: domain of csantana23@gmail.com
 designates 74.125.82.179 as permitted sender)
MIME-Version: 1.0
In-Reply-To: 
 <33eaa7ff17154c44a68d39f9c0c9587f@BLUPR03MB065.namprd03.prod.outlook.com>
References: <B459CDA2-39B0-404D-9513-FA2B917F39CF@gmail.com>
	<CAE6O_-bavFvcLSsjGQ8_Tgg=4QHVJyXra=dfEOTtOpjHhF-NMg@mail.gmail.com>
	<53dbfa5d.e2f2440a.051e.ffff90b1@mx.google.com>
	<CAFNH95RT0q9xDCGRu7zicsr9R0D4aV=H9Jqq3rcTKCjisVCKLQ@mail.gmail.com>
	<CANDRhHAjRV3dHGyQh+xKgmBdKnMqK_KxJt=-=M6Hn1voieKWew@mail.gmail.com>
	<CANV2e=HZ+ncCyYEn4fV2d=QWaajfzPKadwAY6bf0P0fXzhZz9w@mail.gmail.com>
	<53dc7488.283e460a.7848.ffffbb10@mx.google.com>
	<CA+h2+t2MkWNXgj7+rEuE+NgMCS+1sUJYdWL2VCGekav81zEKcA@mail.gmail.com>
	<CAEeF2Tf_3yYWywAimuauNvL-4fto3gXdMUb2WkbXekF7JkhA2g@mail.gmail.com>
	<CABiQX1VYW=nML2hP85p3kxEc53CuHsbWakOXidahRxr4tnkkmQ@mail.gmail.com>
	<CADVgkyOo7X-zzu24xSci1n6An7VuH7trO0=fQZLiRbDdt3HGsQ@mail.gmail.com>
	<CAHYtTqmm9QaKmzqYQ_YmY1QDJR5Zg+PuRW3szsRDO1LJ0k5EuA@mail.gmail.com>
	<CA+h2+t1WEWcMx+qxC__p1uV0RF+J5SB5fX0NNTF_gPUwdUM_8w@mail.gmail.com>
	<CADVgkyOTd0JVfGuVyZe40mb8-ZM6hV_8RDoHq6hjfNFNNbw0Aw@mail.gmail.com>
	<CAHYtTqmJpuWhQUHhvo-h4bhsuxFydbHTm0ChQRCnPr-PG-dO+A@mail.gmail.com>
	<CADVgkyO5c0W1h_fqAsQbg0PPG-6oDUzFLo1LTdaZfM3YJdmaMA@mail.gmail.com>
	<CAHYtTqnz7+060-La2iwNbpU3t1iYqu2NC2SF6pz10jxp9Mm2ww@mail.gmail.com>
	<CACuXHJNLAVDeVB5YwbnktWk=rRydreKjfua3Rjxwehu1Eq_Qww@mail.gmail.com>
	<CADVgkyNbUOWAFMNfA_7dcQyUR26wsdfOFdvB8cf06Af9rGBtkw@mail.gmail.com>
	<9d50193464ab44c3a28ba2f14888256e@BLUPR03MB065.namprd03.prod.outlook.com>
	<CADVgkyPfXXU=ZR0WQLkmQwFiYLMv4rx_t8nLVC_88GvpsDz9Nw@mail.gmail.com>
	<f1547fc486354762b4f52d66e2a611af@BLUPR03MB065.namprd03.prod.outlook.com>
	<CADVgkyOWo9MpX+jbqC9uW0B5GfcYL9XLegJWn5hwQZ5uoPcTpw@mail.gmail.com>
	<33eaa7ff17154c44a68d39f9c0c9587f@BLUPR03MB065.namprd03.prod.outlook.com>
Date: Thu, 4 Sep 2014 14:42:43 -0400
Message-ID: 
 <CAHYtTq=Wfg2qXV-KMwmW8XddK41GeO0GUi0gkZ0Bnbs8JRoTQw@mail.gmail.com>
Subject: Re: remotely loaded pages
From: Carlos Santana <csantana23@gmail.com>
To: "dev@cordova.apache.org" <dev@cordova.apache.org>
Content-Type: multipart/alternative; boundary=047d7bacc7d0cf3694050241b758

--047d7bacc7d0cf3694050241b758
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

+1 Service Worker in the future roadmap


On Wed, Sep 3, 2014 at 6:21 PM, Chuck Lantz <clantz@microsoft.com> wrote:

> Makes sense given appcache's issues.  As appropriate, appcache could be
> used as a part of a polyfill plugin (say managed by calling .update
> directly) where appropriate (particularly if it's part of the packaging
> mechanism on the platform).
>
> -Chuck
>
> -----Original Message-----
> From: brian.leroux@gmail.com [mailto:brian.leroux@gmail.com] On Behalf Of
> Brian LeRoux
> Sent: Wednesday, September 3, 2014 2:59 PM
> To: dev@cordova.apache.org
> Subject: Re: remotely loaded pages
>
> yea, agreed, tho I think Service Worker will be the spec we
> track/implement if necessary
>
>
>
> On Wed, Sep 3, 2014 at 2:49 PM, Chuck Lantz <clantz@microsoft.com> wrote:
>
> > Got it. I know it can be used with Windows apps so I incorrectly
> > jumped to a conclusion (though there are restrictions there around
> > HTTPS being required).  I misinterpreted the spellcaster comment about
> > saving to the "application cache" to be the appcache.  I definitely
> > think this is of interest in enterprise scenarios at a minimum.
> >
> > -Chuck
> >
> > -----Original Message-----
> > From: brian.leroux@gmail.com [mailto:brian.leroux@gmail.com] On Behalf
> > Of Brian LeRoux
> > Sent: Wednesday, September 3, 2014 2:35 PM
> > To: dev@cordova.apache.org
> > Subject: Re: remotely loaded pages
> >
> > there is no appcache in webview based apps=E2=80=A6unless we implement =
it as a
> > plugin (which we won't b/c appcache is a sort of terrible spec)
> >
> >
> >
> >
> > On Wed, Sep 3, 2014 at 2:25 PM, Chuck Lantz <clantz@microsoft.com>
> wrote:
> >
> > > Out of curiosity, for production use where you presumably want
> > > people to take the updates (say because you don't want to keep your
> > > web service back-end supporting older versions of your app),
> > > wouldn't simply using an offline appcache with a hosted source
> > > achieve some of the same goals?  At a certain point I suppose you
> > > hit size limits if you update all of your app content - iOS maxes out
> at 10mb I think.
> > >
> > > -Chuck
> > >
> > > -----Original Message-----
> > > From: brian.leroux@gmail.com [mailto:brian.leroux@gmail.com] On
> > > Behalf Of Brian LeRoux
> > > Sent: Thursday, August 21, 2014 12:15 PM
> > > To: dev@cordova.apache.org
> > > Subject: Re: remotely loaded pages
> > >
> > > No apologies! It definitely *is* for dev authoring workflow
> > > currently =E2=80=A6but given the #'s I think it could be suitable for
> > > production runtime. (Sorry I wasn't clear on that.)
> > >
> > >
> > > On Thu, Aug 21, 2014 at 11:35 AM, Tim Kim <timkim85@gmail.com> wrote:
> > >
> > > > >
> > > > > I wonder how it solves the problems of serving the correct
> > > > > version of cordova.js and cordova_plugin.js depending on the
> > > > > version of the native code that is installed on the different
> > > > > versions of the mobile App in production.
> > > >
> > > >
> > > > When you connect to the IP that's being served by
> > > > connect-phonegap, the client will send its device.version and
> > > > device.platform to the server. On the server's side, there's a res
> > > > folder within connect-phonegap with all the various version and
> > > > platforms of the cordova.js, cordova_plugins.js and plugins/.
> > > >
> > > >
> > > > On 21 August 2014 11:20, Carlos Santana <csantana23@gmail.com>
> wrote:
> > > >
> > > > > Sorry Brian, I thought it was a development time tool to allow
> > > > > for fast development cycle associated with PhoneGap Developer App=
.
> > > > >
> > > > > I guess they can use it and run the connect-phonegap in a
> > > > > production node-js backend system, I wonder how it solves the
> > > > > problems of serving
> > > > the
> > > > > correct version of cordova.js and cordova_plugin.js depending on
> > > > > the version of the native code that is installed on the
> > > > > different versions of the mobile App in production.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On Thu, Aug 21, 2014 at 2:06 PM, Brian LeRoux <b@brian.io> wrote:
> > > > >
> > > > > > totally, though connect-phonegap *could* be considered
> > > > > > production
> > > > worthy
> > > > > > (it is being used significantly by the pg downstream
> > > > > > community)
> > > > > >
> > > > > >
> > > > > > On Thu, Aug 21, 2014 at 10:53 AM, Carlos Santana
> > > > > > <csantana23@gmail.com
> > > > >
> > > > > > wrote:
> > > > > >
> > > > > > > Brain I think that's OK at development time everything is
> > > > > > > fair game
> > > > :-)
> > > > > > >
> > > > > > > The problem is developers doing stupid things like loading a
> > > > cordova.js
> > > > > > > from a place they don't know for a in production app being
> > > > > > > used by
> > > > end
> > > > > > > users, that's just kamikaze
> > > > > > >
> > > > > > > That's OK if they want to shoot themselves in the foot, but
> > > > > > > then
> > > > don't
> > > > > > come
> > > > > > > crying to JIRA claiming that is a problem with Cordova projec=
t.
> > > > > > >
> > > > > > >
> > > > > > > On Thu, Aug 21, 2014 at 1:30 PM, Brian LeRoux <b@brian.io>
> > wrote:
> > > > > > >
> > > > > > > > phonegap-connect serves up remote cordova.js (negotiates
> > > > > > > > the
> > > > > requestor
> > > > > > to
> > > > > > > > send the right file)
> > > > > > > >
> > > > > > > > no deaths yet!
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > https://github.com/phonegap/connect-phonegap/blob/master/lib/middl
> > > > ew
> > > > ar
> > > > e/cordova/cordova.js#L29
> > > > > > > >
> > > > > > > >
> > > > > > > > On Wed, Aug 20, 2014 at 8:57 PM, Ally Ogilvie
> > > > > > > > <aogilvie@wizcorp.jp
> > > > >
> > > > > > > wrote:
> > > > > > > >
> > > > > > > > > That's a good difference to point out.
> > > > > > > > >
> > > > > > > > > >My personal position is that scenarios where developer
> > > > > > > > > >is in
> > > > > control
> > > > > > > and
> > > > > > > > > >loaded locally (i.e. directupdate, appmobi,
> > > > > > > > > >spellcaster) is a
> > > > > valid
> > > > > > > > > >scenario for Cordova
> > > > > > > > >
> > > > > > > > > I agree, because as cordova.js and cordovaLib are
> > > > > > > > > version linked,
> > > > > it
> > > > > > > > makes
> > > > > > > > > sense that once an index.html is pulled in, it's
> > > > > > > > > cordova.js to
> > > > load
> > > > > > is
> > > > > > > > > already in the client application.
> > > > > > > > > Loading an external cordova.js would be suicidal. So we
> > > > > > > > > save the
> > > > > file
> > > > > > > > > locally to write into it's <HEAD> our known path to
> > > > > > > > > codova.js
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > On Thu, Aug 21, 2014 at 9:37 AM, Carlos Santana <
> > > > > > csantana23@gmail.com>
> > > > > > > > > wrote:
> > > > > > > > >
> > > > > > > > > > I want to make clarification there is a notable
> > > > > > > > > > difference
> > > > > between
> > > > > > > > > loading
> > > > > > > > > > a remotely-loaded *(non-local) *HTML pages with
> > > > > > > > > > Cordova vs. a
> > > > > > > > downloaded
> > > > > > > > > > webapp to be loaded from a *local* HTML.
> > > > > > > > > >
> > > > > > > > > > IBM Worklight has a feature "Direct update"
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > http://www-01.ibm.com/support/knowledgecenter/api/content/SSZH4A_6
> > > > .2
> > > > .0
> > > >
> /com.ibm.worklight.dev.doc/admin/c_direct_updates_app_versions_to_mob.
> > > > html?locale=3Den
> > > > > > > > > >
> > > > > > > > > > The scenario is a download and local load of
> html/cordova.
> > > > > Similar
> > > > > > > > > scenario
> > > > > > > > > > as spellcaster and appmobi For this scenario there is
> > > > > > > > > > control from app developer of the
> > > > code
> > > > > > > being
> > > > > > > > > > loaded.
> > > > > > > > > >
> > > > > > > > > > What Marcel is asking is a *non-local* load of
> > > > > > > > > > arbitrary
> > > > > html/code
> > > > > > > not
> > > > > > > > > > control by developer, developer loading a free html
> > > > > > > > > > page own
> > > > > > someone
> > > > > > > > else
> > > > > > > > > > and doing kind of a "document.location.replace('
> > > > > > > > > > http://somerandom.com/thisotherguy.html')"
> > > > > > > > > >
> > > > > > > > > > My personal position is that scenarios where developer
> > > > > > > > > > is in
> > > > > > control
> > > > > > > > and
> > > > > > > > > > loaded locally (i.e. directupdate, appmobi,
> > > > > > > > > > spellcaster) is a
> > > > > valid
> > > > > > > > > > scenario for Cordova. loading a random cordova.js
> > > > > > > > > > directly
> > > > from a
> > > > > > > > > non-local
> > > > > > > > > > random place not guarantee to be supported.
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > On Wed, Aug 20, 2014 at 12:07 PM, Brian LeRoux
> > > > > > > > > > <b@brian.io>
> > > > > wrote:
> > > > > > > > > >
> > > > > > > > > > > Very much so. So much so, I think we should even
> > > > > > > > > > > consider
> > > > such
> > > > > > > > > > > functionality as 'core'. Could dovetail w/
> Serviceworker.
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > On Wed, Aug 20, 2014 at 7:26 AM, Andrew Grieve <
> > > > > > > agrieve@chromium.org
> > > > > > > > >
> > > > > > > > > > > wrote:
> > > > > > > > > > >
> > > > > > > > > > > > I think this is a very desired plugin that many
> > > > > > > > > > > > end up
> > > > > > > re-writing,
> > > > > > > > > and
> > > > > > > > > > > it's
> > > > > > > > > > > > far better than setting the content src directly
> > > > > > > > > > > > to a
> > > > remote
> > > > > > URL.
> > > > > > > > > > > >
> > > > > > > > > > > > E.g. just stumbled across this yesterday:
> > > > > > > > > > > > http://docs.appmobi.com/index.php/live-update/
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > > On Wed, Aug 20, 2014 at 7:57 AM, Michal Mocny <
> > > > > > > mmocny@chromium.org
> > > > > > > > >
> > > > > > > > > > > wrote:
> > > > > > > > > > > >
> > > > > > > > > > > > > Make it available Ally, of course that sounds
> > > > interesting!
> > > > > > > > > > > > >
> > > > > > > > > > > > > I'm sure a few of us have suggestions for
> > > > > > > > > > > > > improvements
> > > > too.
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > > On Wed, Aug 20, 2014 at 2:38 AM, Ally Ogilvie <
> > > > > > > > aogilvie@wizcorp.jp
> > > > > > > > > >
> > > > > > > > > > > > wrote:
> > > > > > > > > > > > >
> > > > > > > > > > > > > > Marcel, Sorry for the late reply.
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > For some games that I produce where the entire
> > > > > > > > > > > > > > game is
> > > > > > served
> > > > > > > > to
> > > > > > > > > > the
> > > > > > > > > > > > > client
> > > > > > > > > > > > > > (requires no .html in the application) we have
> > > > > > > > > > > > > > a tool
> > > > > > called
> > > > > > > > > > > > > "spellcaster".
> > > > > > > > > > > > > > Spellcaster handles internet connectivity,
> > > > > > > > > > > > > > localisation
> > > > > and
> > > > > > > > > Cordova
> > > > > > > > > > > > code
> > > > > > > > > > > > > > injection. It works as follows:
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > One simply adds an application URL to
> > > > > > > > > > > > > > Cordova's
> > > > > config.xml
> > > > > > in
> > > > > > > > > > > <content
> > > > > > > > > > > > > > src=3DYOUR_URL_HERE>
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > - Spellcaster will check for an active
> > > > > > > > > > > > > > internet
> > > > > connection.
> > > > > > > If
> > > > > > > > > one
> > > > > > > > > > is
> > > > > > > > > > > > not
> > > > > > > > > > > > > > found Spellcaster will continue retrying at a
> > > > > > > > > > > > > > set
> > > > > interval.
> > > > > > > > > > > > > > - Spellcaster downloads the content of the
> > > > > > > > > > > > > > provided
> > > > > > > application
> > > > > > > > > URL
> > > > > > > > > > > and
> > > > > > > > > > > > > > stores to application cache (overriding any
> > > > > > > > > > > > > > existing
> > > > > > loader).
> > > > > > > > > > > > > > - Spellcaster injects Cordova script tags just
> > > > > > > > > > > > > > after
> > > > the
> > > > > > > <head>
> > > > > > > > > > tag.
> > > > > > > > > > > > > > - Spellcaster loads the new *loader into the
> > > > > > > > > > > > > > WebView
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > *loader is your html to load.
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > Are people still in need of such a solution? I
> > > > > > > > > > > > > > could
> > > > have
> > > > > > > this
> > > > > > > > > code
> > > > > > > > > > > > made
> > > > > > > > > > > > > > public it just needs a public sanitise check.
> > > > Spellcaster
> > > > > > > > > supports
> > > > > > > > > > > iOS
> > > > > > > > > > > > > and
> > > > > > > > > > > > > > Android.
> > > > > > > > > > > > > > For iOS it requires 1 line of code to be added
> > > > > > > > > > > > > > to didFinishLaunchingWithOptions.
> > > > > > > > > > > > > > For Android it requires these overrides in
> > onCreate:
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > @Override
> > > > > > > > > > > > > > public void onCreate(Bundle savedInstanceState)=
 {
> > > > > > > > > > > > > >     super.onCreate(savedInstanceState);
> > > > > > > > > > > > > >     super.init();
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > @Override
> > > > > > > > > > > > > > public void init() { Spellcaster spellcaster =
=3D
> > > > > > > > > > > > > > new Spellcaster(); spellcaster.init(this,
> > > > > > > > > > > > > > Config.getStartUrl(), appView); ...
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > @Override
> > > > > > > > > > > > > > public void
> > > > > > > > > > > > > > init(org.apache.cordova.CordovaWebView
> > > > > webView,
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > org.apache.cordova.CordovaWebViewClient
> > > > > > > > > webViewClient,
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > org.apache.cordova.CordovaChromeClient
> > > > > > > > > > webChromeClient)
> > > > > > > > > > > {
> > > > > > > > > > > > > >     super.init(webView, webViewClient,
> > > > webChromeClient);
> > > > > > > > > > > > > >
> > > > > > > > > > > > > >     Spellcaster spellcaster =3D new Spellcaster=
();
> > > > > > > > > > > > > >     spellcaster.init(this,
> > > > > > > > > > > > > > Config.getStartUrl(),
> > > > > webView);
> > > > > > > > > > > > > > ...
> > > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > On Sat, Aug 2, 2014 at 2:17 PM, purplecabbage
> > > > > > > > > > > > > > <
> > > > > > > > > > > purplecabbage@gmail.com
> > > > > > > > > > > > >
> > > > > > > > > > > > > > wrote:
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > > It is great design for development, and
> netflix.
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > Sent from my iPhone
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > On Aug 1, 2014, at 4:26 PM, Marc Weiner <
> > > > > > > > > mhweiner234@gmail.com
> > > > > > > > > > >
> > > > > > > > > > > > > wrote:
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > It's technically possible, and even
> > > > > > > > > > > > > > > > (arguably)
> > > > legal
> > > > > > > > > according
> > > > > > > > > > to
> > > > > > > > > > > > > > Apple's
> > > > > > > > > > > > > > > > documentation, depending on the nature of
> > > > > > > > > > > > > > > > the code
> > > > > and
> > > > > > > how
> > > > > > > > > it's
> > > > > > > > > > > > > > > implemented:
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > 3.3.2 An Application may not download or
> > > > > > > > > > > > > > > > install
> > > > > > > executable
> > > > > > > > > > code.
> > > > > > > > > > > > > > > > Interpreted code may only be used in an
> > > > > > > > > > > > > > > > Application
> > > > > if
> > > > > > > all
> > > > > > > > > > > scripts,
> > > > > > > > > > > > > > code
> > > > > > > > > > > > > > > > and interpreters are packaged in the
> > > > > > > > > > > > > > > > Application
> > > > and
> > > > > > not
> > > > > > > > > > > > downloaded.
> > > > > > > > > > > > > > The
> > > > > > > > > > > > > > > > only exception to the foregoing is scripts
> > > > > > > > > > > > > > > > and code
> > > > > > > > > downloaded
> > > > > > > > > > > and
> > > > > > > > > > > > > run
> > > > > > > > > > > > > > by
> > > > > > > > > > > > > > > > Apple's built-in WebKit framework,
> > > > > > > > > > > > > > > > provided that
> > > > such
> > > > > > > > scripts
> > > > > > > > > > and
> > > > > > > > > > > > > code
> > > > > > > > > > > > > > do
> > > > > > > > > > > > > > > > not change the primary purpose of the
> > > > > > > > > > > > > > > > Application
> > > > by
> > > > > > > > > providing
> > > > > > > > > > > > > features
> > > > > > > > > > > > > > > or
> > > > > > > > > > > > > > > > functionality that are inconsistent with
> > > > > > > > > > > > > > > > the
> > > > intended
> > > > > > and
> > > > > > > > > > > > advertised
> > > > > > > > > > > > > > > > purpose of the Application as submitted to
> > > > > > > > > > > > > > > > the App
> > > > > > Store.
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > However, I would only do so if the code is
> > > > > > > > > > > > > > > > coming
> > > > > from
> > > > > > a
> > > > > > > > > server
> > > > > > > > > > > > that
> > > > > > > > > > > > > > you
> > > > > > > > > > > > > > > > control, and if you are able to control
> > > > > > > > > > > > > > > > what code
> > > > is
> > > > > > > > getting
> > > > > > > > > > > > > executed.
> > > > > > > > > > > > > > > > Loading in 3rd party, unverified scripts
> > > > > > > > > > > > > > > > into your
> > > > > > > Cordova
> > > > > > > > > view
> > > > > > > > > > > is
> > > > > > > > > > > > a
> > > > > > > > > > > > > > big
> > > > > > > > > > > > > > > > "no-no" for security reasons, and could
> > > > > > > > > > > > > > > > get your
> > > > app
> > > > > > > > delisted
> > > > > > > > > > (or
> > > > > > > > > > > > > > > rejected).
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > If anyone else has more information on the
> > > > > > > > > > > > > > > > topic,
> > > > I'd
> > > > > > be
> > > > > > > > > > > interested
> > > > > > > > > > > > > in
> > > > > > > > > > > > > > > > hearing it.
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > Marc
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > >> On Fri, Aug 1, 2014 at 7:01 PM, Victor
> > > > > > > > > > > > > > > >> Sosa <
> > > > > > > > > > > > sosah.victor@gmail.com
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > > wrote:
> > > > > > > > > > > > > > > >>
> > > > > > > > > > > > > > > >> Hi Frederico.
> > > > > > > > > > > > > > > >>
> > > > > > > > > > > > > > > >> While what you are saying about the
> > > > > > > > > > > > > > > >> policies
> > > > stores
> > > > > is
> > > > > > > > true,
> > > > > > > > > > > this
> > > > > > > > > > > > > > > applies
> > > > > > > > > > > > > > > >> to public stores only (as far as I can
> tell).
> > > > > > > > > > > > > > > >> For
> > > > > > > > on-premise
> > > > > > > > > > app
> > > > > > > > > > > > > > stores
> > > > > > > > > > > > > > > >> this might be false because each store
> > > > > > > > > > > > > > > >> owner need
> > > > to
> > > > > > set
> > > > > > > > and
> > > > > > > > > > > apply
> > > > > > > > > > > > > the
> > > > > > > > > > > > > > > >> governance for the apps. It could end on
> > > > > > > > > > > > > > > >> horrible
> > > > > > > results
> > > > > > > > > due
> > > > > > > > > > > to a
> > > > > > > > > > > > > bad
> > > > > > > > > > > > > > > >> implementation.
> > > > > > > > > > > > > > > >>
> > > > > > > > > > > > > > > >> I concur with everyone, it is possible
> > > > > > > > > > > > > > > >> but awful
> > > > > > design
> > > > > > > > > > > > > > > >> On Aug 1, 2014 4:35 PM, "Frederico Galv=C3=
=A3o"
> > > > > > > > > > > > > > > >> < frederico.galvao@pontoget.com.br>
> > > > > > > > > > > > > > > >> wrote:
> > > > > > > > > > > > > > > >>
> > > > > > > > > > > > > > > >>> I don't have the details in hand at the
> > > > > > > > > > > > > > > >>> moment,
> > > > > but I
> > > > > > > > > > remember
> > > > > > > > > > > > > seeing
> > > > > > > > > > > > > > > in
> > > > > > > > > > > > > > > >>> more than one application store last
> > > > > > > > > > > > > > > >>> year
> > > > policies
> > > > > > > being
> > > > > > > > > > > changed
> > > > > > > > > > > > to
> > > > > > > > > > > > > > > >>> disallow remote code to run in an
> > > > > > > > > > > > > > > >>> application
> > > > > > > on-demand.
> > > > > > > > > Such
> > > > > > > > > > > > rules
> > > > > > > > > > > > > > > >> *could*
> > > > > > > > > > > > > > > >>> as well be applied to Cordova apps that
> > > > > > > > > > > > > > > >>> load
> > > > remote
> > > > > > > > content
> > > > > > > > > > > > > > considered
> > > > > > > > > > > > > > > as
> > > > > > > > > > > > > > > >>> code (HTML isn't, but JS is). It's not
> > > > > > > > > > > > > > > >>> only a
> > > > > > security
> > > > > > > > > > concern
> > > > > > > > > > > > per
> > > > > > > > > > > > > > se,
> > > > > > > > > > > > > > > >> but
> > > > > > > > > > > > > > > >>> also an imposed limitation on the stores
> > > > > > > > > > > > > > > >>> (which
> > > > > were
> > > > > > > > > > obviously
> > > > > > > > > > > > > > created
> > > > > > > > > > > > > > > >> for
> > > > > > > > > > > > > > > >>> security concerns in the first place).
> > > > > > > > > > > > > > > >>>
> > > > > > > > > > > > > > > >>> Not even mentioning the issues with
> > > > > > > > > > > > > > > >>> providing the
> > > > > > right
> > > > > > > > > > > > cordova.js
> > > > > > > > > > > > > > > >> version
> > > > > > > > > > > > > > > >>> from the remote server not really
> > > > > > > > > > > > > > > >>> knowing where
> > > > the
> > > > > > > > request
> > > > > > > > > > > came
> > > > > > > > > > > > > > from.
> > > > > > > > > > > > > > > >>> However, it's good to note too that
> > > > > > > > > > > > > > > >>> aside
> > > > Phonegap
> > > > > > > > > Developer
> > > > > > > > > > > App,
> > > > > > > > > > > > > > there
> > > > > > > > > > > > > > > >> is
> > > > > > > > > > > > > > > >>> also Adobe Hydration that does the exact
> > > > > > > > > > > > > > > >>> same
> > > > thing
> > > > > > as
> > > > > > > a
> > > > > > > > > side
> > > > > > > > > > > > > service
> > > > > > > > > > > > > > > to
> > > > > > > > > > > > > > > >>> Phonegap Build. I don't know if they've
> > > > > > > > > > > > > > > >>> come into
> > > > > any
> > > > > > > of
> > > > > > > > > the
> > > > > > > > > > > > issues
> > > > > > > > > > > > > > > >>> mentioned, and I haven't even heard of
> > > > > > > > > > > > > > > >>> it being
> > > > > used
> > > > > > in
> > > > > > > > > > > > production.
> > > > > > > > > > > > > > > >>>
> > > > > > > > > > > > > > > >>>
> > > > > > > > > > > > > > > >>> 2014-08-01 17:36 GMT-03:00 purplecabbage
> > > > > > > > > > > > > > > >>> <
> > > > > > > > > > > > purplecabbage@gmail.com
> > > > > > > > > > > > > >:
> > > > > > > > > > > > > > > >>>
> > > > > > > > > > > > > > > >>>> I agree with all your statements Marcel.
> > > > > > > > > > > > > > > >>>> I use
> > > > > this
> > > > > > > > > approach
> > > > > > > > > > > > > > > frequently
> > > > > > > > > > > > > > > >>> in
> > > > > > > > > > > > > > > >>>> dev for fast turnaround.
> > > > > > > > > > > > > > > >>>> Ultimately App Store policies decide
> > > > > > > > > > > > > > > >>>> what can
> > > > and
> > > > > > > cannot
> > > > > > > > > be
> > > > > > > > > > > > done.
> > > > > > > > > > > > > > > >>>>
> > > > > > > > > > > > > > > >>>> Regarding security, there is nothing I
> > > > > > > > > > > > > > > >>>> can do
> > > > > with a
> > > > > > > > > remote
> > > > > > > > > > > page
> > > > > > > > > > > > > > that
> > > > > > > > > > > > > > > I
> > > > > > > > > > > > > > > >>>> can't already do inside my app. It's an
> > > > > > > > > > > > > > > >>>> issue of
> > > > > > > trust.
> > > > > > > > > > > > > > > >>>>
> > > > > > > > > > > > > > > >>>>
> > > > > > > > > > > > > > > >>>> Sent from my iPhone
> > > > > > > > > > > > > > > >>>>
> > > > > > > > > > > > > > > >>>>> On Aug 1, 2014, at 10:35 AM, Shazron <
> > > > > > > > shazron@gmail.com>
> > > > > > > > > > > > wrote:
> > > > > > > > > > > > > > > >>>>>
> > > > > > > > > > > > > > > >>>>> I agree that it is not recommended,
> > > > > > > > > > > > > > > >>>>> but it's
> > > > > > > possible.
> > > > > > > > I
> > > > > > > > > > > delved
> > > > > > > > > > > > > > into
> > > > > > > > > > > > > > > >>>>> this question here:
> > > > > > > > > > > > > > > >>>>>
> > > > > > > > https://github.com/shazron/phonegap-questions/issues/37
> > > > > > > > > > > > > > > >>>>>
> > > > > > > > > > > > > > > >>>>> The PhoneGap Developer App is an
> > > > > > > > > > > > > > > >>>>> example of how
> > > > > > this
> > > > > > > is
> > > > > > > > > > > working
> > > > > > > > > > > > > at
> > > > > > > > > > > > > > > >>>>> http://app.phonegap.com but they do
> > > > > > > > > > > > > > > >>>>> some
> > > > > proxying
> > > > > > to
> > > > > > > > get
> > > > > > > > > > > > around
> > > > > > > > > > > > > > the
> > > > > > > > > > > > > > > >>>>> CORS limitations I believe.
> > > > > > > > > > > > > > > >>>>>
> > > > > > > > > > > > > > > >>>>>> On Fri, Aug 1, 2014 at 10:23 AM,
> > > > > > > > > > > > > > > >>>>>> Marcel
> > > > Kinard <
> > > > > > > > > > > > > > cmarcelk@gmail.com>
> > > > > > > > > > > > > > > >>>> wrote:
> > > > > > > > > > > > > > > >>>>>> I've been getting occasional
> > > > > > > > > > > > > > > >>>>>> questions about
> > > > > users
> > > > > > > > > trying
> > > > > > > > > > to
> > > > > > > > > > > > use
> > > > > > > > > > > > > > > >>>> remotely-loaded (non-local) HTML pages
> > > > > > > > > > > > > > > >>>> with
> > > > > Cordova
> > > > > > > (in
> > > > > > > > > the
> > > > > > > > > > > > > webview,
> > > > > > > > > > > > > > > >> not
> > > > > > > > > > > > > > > >>>> InAppBrowser), and still expecting to
> > > > > > > > > > > > > > > >>>> have
> > > > access
> > > > > to
> > > > > > > the
> > > > > > > > > > > plugin
> > > > > > > > > > > > > APIs
> > > > > > > > > > > > > > > >>>> (camera is a popular one). My response
> > > > > > > > > > > > > > > >>>> so far
> > > > is:
> > > > > > > "This
> > > > > > > > is
> > > > > > > > > > an
> > > > > > > > > > > > > > > >> unsupported
> > > > > > > > > > > > > > > >>>> configuration, because Cordova was not
> > > > > > > > > > > > > > > >>>> designed
> > > > > for
> > > > > > > this
> > > > > > > > > and
> > > > > > > > > > > the
> > > > > > > > > > > > > > > >>> community
> > > > > > > > > > > > > > > >>>> does no testing of this configuration.
> > > > > > > > > > > > > > > >>>> While it
> > > > > can
> > > > > > > work
> > > > > > > > > in
> > > > > > > > > > > some
> > > > > > > > > > > > > > > >>>> circumstances, it is not recommended
> > > > > > > > > > > > > > > >>>> nor
> > > > > supported."
> > > > > > > > > > > > > > > >>>>>>
> > > > > > > > > > > > > > > >>>>>> My definition of "unsupported" is not
> > > > > > > > > > > > > > > >>>>>> that it
> > > > is
> > > > > > > > > > incapable,
> > > > > > > > > > > > but
> > > > > > > > > > > > > > that
> > > > > > > > > > > > > > > >>> we
> > > > > > > > > > > > > > > >>>> don't claim that it is supposed to
> > > > > > > > > > > > > > > >>>> work, and
> > > > more
> > > > > > > > > > importantly,
> > > > > > > > > > > > we
> > > > > > > > > > > > > > > won't
> > > > > > > > > > > > > > > >>>> actively fix user-submitted defects on
> > > > > > > > > > > > > > > >>>> this
> > > > topic.
> > > > > > > > > > > > > > > >>>>>>
> > > > > > > > > > > > > > > >>>>>> The main concern I have on this is
> > > > > > > > > > > > > > > >>>>>> same origin
> > > > > > > policy,
> > > > > > > > > and
> > > > > > > > > > > > > > matching
> > > > > > > > > > > > > > > >>> the
> > > > > > > > > > > > > > > >>>> remotely-served cordova.js with the
> > > > > > locally-installed
> > > > > > > > > native
> > > > > > > > > > > > > Cordova
> > > > > > > > > > > > > > > >>>> platform to avoid version mismatch.
> > > > > > > > > > > > > > > >>>>>>
> > > > > > > > > > > > > > > >>>>>> Do you think I'm out in-the-weeds on
> > > > > > > > > > > > > > > >>>>>> this, or
> > > > do
> > > > > > you
> > > > > > > > > > agree?
> > > > > > > > > > > > > > > >>>>>>
> > > > > > > > > > > > > > > >>>>>> If you agree, what would you think of
> > > > > > > > > > > > > > > >>>>>> a blurb
> > > > in
> > > > > > > > > > > cordova-docs
> > > > > > > > > > > > > > > >>> somewhere
> > > > > > > > > > > > > > > >>>> that captures this gist?
> > > > > > > > > > > > > > > >>>>>>
> > > > > > > > > > > > > > > >>>>>> Thanks for your feedback!
> > > > > > > > > > > > > > > >>>
> > > > > > > > > > > > > > > >>>
> > > > > > > > > > > > > > > >>>
> > > > > > > > > > > > > > > >>> --
> > > > > > > > > > > > > > > >>>
> > > > > > > > > > > > > > > >>> *Frederico Galv=C3=A3o*
> > > > > > > > > > > > > > > >>>
> > > > > > > > > > > > > > > >>> Diretor de Tecnologia
> > > > > > > > > > > > > > > >>>
> > > > > > > > > > > > > > > >>> PontoGet Inova=C3=A7=C3=A3o Web
> > > > > > > > > > > > > > > >>>
> > > > > > > > > > > > > > > >>>
> > > > > > > > > > > > > > > >>> ( +55(62) 8131-5720
> > > > > > > > > > > > > > > >>>
> > > > > > > > > > > > > > > >>> * www.pontoget.com.br
> > > > > > > > > > > > > > > >>> <http://www.pontoget.com/>
> > > > > > > > > > > > > > > >>
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > --
> > > > > > > > > > > > > > <http://www.wizcorp.jp/>Ally Ogilvie Lead
> > > > > > > > > > > > > > Developer - MobDev. | Wizcorp Inc. <
> > > > > > > > http://www.wizcorp.jp/>
> > > > > > > > > > > > > > ------------------------------ TECH . GAMING .
> > > > > > > > > > > > > > OPEN-SOURCE WIZARDS+ 81 (0)3-4550-1448
> > > > |
> > > > > > > > Website
> > > > > > > > > > > > > > <http://www.wizcorp.jp/> | Twitter <
> > > > > > > > https://twitter.com/Wizcorp>
> > > > > > > > > |
> > > > > > > > > > > > > > Facebook
> > > > > > > > > > > > > > <http://www.facebook.com/Wizcorp> | LinkedIn
> > > > > > > > > > > > > > <http://www.linkedin.com/company/wizcorp>
> > > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > --
> > > > > > > > > > Carlos Santana
> > > > > > > > > > <csantana23@gmail.com>
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > --
> > > > > > > > > <http://www.wizcorp.jp/>Ally Ogilvie Lead Developer -
> > > > > > > > > MobDev. | Wizcorp Inc. <http://www.wizcorp.jp/>
> > > > > > > > > ------------------------------ TECH . GAMING .
> > > > > > > > > OPEN-SOURCE
> > > > > > > > > WIZARDS+ 81 (0)3-4550-1448 | Website
> > > > > > > > > <http://www.wizcorp.jp/> | Twitter
> > > > > > > > > <https://twitter.com/Wizcorp>
> > > > |
> > > > > > > > > Facebook
> > > > > > > > > <http://www.facebook.com/Wizcorp> | LinkedIn
> > > > > > > > > <http://www.linkedin.com/company/wizcorp>
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > Carlos Santana
> > > > > > > <csantana23@gmail.com>
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Carlos Santana
> > > > > <csantana23@gmail.com>
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Timothy Kim
> > > >
> > >
> >
>


--=20
Carlos Santana
<csantana23@gmail.com>

--047d7bacc7d0cf3694050241b758--