cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steven Gill <>
Subject Re: Cordova 5.0 user feedback - move to npm & whitelist plugin
Date Fri, 08 May 2015 01:16:47 GMT
(1) older versions of our docs point to for plugin
documentation. We haven't pointed people to github for plugin docs. Those
docs are accurate with the ID of the plugin. Adding a section to the readme
about needing cordova 5+ isn't a bad idea.

The plan is to switch our tools to grab from npm first and CPR second. I
believe we discussed doing this around the time CPR goes read only. Giving
IDE's and people using older versions a chance to upgrade.

We can publish updated plugins to CPR, but it is going to be quite a bit of
work. I created old-id branches for our core plugins that revert the
commits changing the ID and the commits where I change internal plugin
references from org.apache.cordova.* to cordova-plugin-*. It was a fairly
large change. The reason for the major jump was the plugin id change. I'd
recommend them sticking the versioning they are on instead of copying the
version of the npm series. The major version bump wasn't due to a change in
functionality in the plugins themselves.

If we want to release updated plugins to CPR, someone will need to do the
work to cherry-pick the new commits into old-id and do a separate vote for

(2) It is a fairly recent change. Any new app made with cordova-cli 5+ will
auto include the whitelist plugin due to the hello world config.xml
including it as a dependency. I think we need to document it more and make
more noise within the community about it. iOS 4.0 will also require the
whitelist plugin when it gets released. The more prepared we are, the

As for re-enabling network access by default, I wasn't really part of the
original thread so I will leave it to the people who were to discuss that

On Thu, May 7, 2015 at 8:55 AM, Nikhil Khandelwal <>

> There is a bunch of confusion with Cordova 5.0 users because of these two
> changes:
> 1. Move to npm for plugins (There have been multiple PRs trying to update
> plugin docs to reference the old id instead of the new one - because people
> are still using the old version of the CLI)
> 2. No network access in Android 4.0 without whitelist plugin:
>               -
>               -
> -
> I think for the (1), I suggest we do the following:
> 1.       Update the plugin documentation that the old id can be used for
> older CLI versions.
> 2.       Either update the CPM with 1.0 versions of the plugins or have
> the CLI get core plugins from npm first then CPR even with the old id.
> Using the old id because they were hardcoded in IDEs etc, devs are getting
> older version of the plugins.
> For (2), I think we should re-visit making whitelist part of the Android
> platform again or some other way of enabling network access by default. No
> network access (XHR) for a platform by default is a big change that's not
> well understood and not necessarily more secure. I'm new to this, but I did
> not fully understood the goals of moving the whitelisting to a plugin
> instead of it being part of the core.
> Thanks,
> Nikhil

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message