cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Clelland <>
Subject Re: Whitelist breakout update
Date Tue, 04 Nov 2014 03:08:16 GMT
On Mon Nov 03 2014 at 4:05:51 PM Marcel Kinard <> wrote:

> This sounds very interesting and relatively graceful.
> For a user upgrading to this new world, what would the migration steps
> look like? Or in other words, what would a rough sketch of the upgrade
> guide for this look like? The reason I ask is to see how much pain we'll
> ask our users to go through.

That's certainly a concern -- so for one thing, this would have to be on a
4.x version of any platforms that it applies to. It is a break in backwards
compatibility, so users should at least be prepared for it.

That said, I've tried to make it as simple as possible for them: If what
you want is no change at all in behaviour, then your upgrade should be just:

cordova plugin add org.apache.cordova.whitelist

There would be no configuration changes to make: the plugin reads the old
access tags, just as before, and applies the same policies based on them
that it did in 3.6.

And if your application doesn't rely on access to external sites, then it's
even simpler -- don't install the plugin, and you're likely more secure
than you were before.

> On Oct 30, 2014, at 4:04 PM, Ian Clelland <> wrote:
> > I've spent the majority of the week finishing up the whitelist-breakout
> > code, and I'd invite the rest of the community to take a look, before we
> > make anything official.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message