cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michal Mocny <>
Subject Re: Android's new Whitelist Plugins
Date Tue, 03 Mar 2015 16:22:45 GMT
My thoughts:

- The split between <allow-navigation>, <allow-intent>, and <access>: Like
it a lot.
- I think the defaults *for the plugin* are very reasonable.  However, we
may want to provide a default set of tags for the hello world app.  A year
or so ago we added a default access * whitelist and I think maybe we should
continue that.  (on the other hand, I've gotten used to explicitly
whitelisting every url as part of chrome packaged app development and its
not so bad).
  - Additionally, that means this plugin should be installed by default.
As we discussed this morning, with the new plugin --save functionality we
could just add this to the helloworld config.xml, I think!
- Do you really need a CSP meta tag *and* <access> declarations?   Thats
what the implies, but I would assume CSP trumps?


On Mon, Mar 2, 2015 at 9:38 PM, Andrew Grieve <> wrote:

> I've tried to explain it in the plugin's readme:
> Some points for discussion:
> - What should the default behaviour be for the three whitelists (what
> should happen if not whitelist plugin is installed).
>   - right now it can't open external URLs
>   - and can't do XHRs to http(s)
> - Is the plugin name decent ("url-policy"). We should make a dedicated git
> repo for it (as well as for legacy-whitelist plugin)

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message