cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shazron <shaz...@gmail.com>
Subject [iOS] proposed major whitelist change
Date Mon, 20 Jul 2015 22:24:08 GMT
https://github.com/apache/cordova-plugin-whitelist

Previously, the initial implementation for the plugin for iOS didn't
support the <access> tag, but that proved problematic since not supporting
it meant all *native* code network connections were effectively blacklisted.

I added the support back in, but this will end up confusing the user even
more. Right now we are recommending that the user support CSP, but that
only works in the context of the WebView (whether UIWebView or WKWebView) -
ie xhr, images, etc.

If the user specified a CSP src for access to a domain in their .html, but
did not specify an <access> tag for that domain, the connection will fail
(since the native code whitelist filters all network connections). So this
in effect doubles the number of declarations needed -- a CSP policy needs
to have its mirror in the <access> tag. You can see where this can get
confusing.

We could have a dynamic CSP parser in native code to dynamically "generate"
access tags but that will add on more complexity (but this would be best
workaround).

I propose that we get rid of the native code whitelist (effectively
allowing all connections)  and rely on CSP only. I'm not sure that having a
native code whitelist can really be truly secure, with the dynamic nature
of Objective-C this is just a fa├žade anyway.

In any case, native code whitelisting will only work on UIWebView, there is
no way our current whitelisting system will work on WKWebView at all --
more fodder for us to abandon our whitelisting system.

The whitelisting should really be handled lower level by the system, and
indeed this is coming in iOS 9 with Application Transport Security (ATS):
https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/index.html#//apple_ref/doc/uid/TP40016240

The ATS whitelisting is through new tags in Info.plist, and we will have to
map our existing whitelist tags to ATS when the time comes.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message