cordova-dev mailing list archives

From csantanapr <...@git.apache.org>
Subject [GitHub] cordova-app-hello-world pull request: CB-9009 default CSP needs to...
Date Fri, 07 Aug 2015 21:03:17 GMT
Github user csantanapr commented on the pull request:

    https://github.com/apache/cordova-app-hello-world/pull/10#issuecomment-128833712
  
    -1
    Hmm, this looks very ugly in the template. I don't like having this in the default template. People might think that it is a security hole.
    In another platform like Android, not picking android, then that port will be exposed; it will not get intercepted because it is not BlackBerry.
    
    Some options:
    1. bb plugin to implement plugin hook, this is a new type of hook that plugins can implement

    If this is only required for BlackBerry, then the plugin for BlackBerry can implement a plugin hook to edit the index.html during after_prepare. It can parse the index.html, look for the tag, and if http://localhost:8472 doesn't exist, then add it.
    
    2. the cordova.js for BlackBerry dynamically edits the CSP tag in the DOM
    When cordova.js runs, before setting up the plugin, update the CSP meta. I don't know if this is too late to change since index.html is already parsed; if this is not an option, then take a look at option 1 above.
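
The HTML rewrite that option 1 describes, as an added example that is not part of the original comment and is not Cordova or plugin code: it adds the localhost source to the CSP meta tag only for the `blackberry10` platform and leaves every other platform's page untouched. The directive being extended (`default-src`), the function names and the sample page are assumptions made for illustration.

```javascript
// Added example, not Cordova or plugin code. ASSUMPTIONS: the directive to
// extend (default-src), all function names and the sample page are hypothetical.
const META_RE = /<meta\b[^>]*http-equiv\s*=\s*(["'])Content-Security-Policy\1[^>]*>/i;
const CONTENT_RE = /(\bcontent\s*=\s*)(["'])([\s\S]*?)\2/i;
const BB_SOURCE = 'http://localhost:8472'; // the source discussed in the comment

// Return the page with `source` present in `directive` of its CSP <meta> tag.
function ensureCspSource(html, directive, source) {
  const meta = META_RE.exec(html);
  if (!meta) return { html, changed: false, reason: 'no-csp-meta' };
  const content = CONTENT_RE.exec(meta[0]);
  if (!content) return { html, changed: false, reason: 'no-content-attr' };

  // "name v1 v2; name v1" -> [[name, v1, v2], [name, v1]]
  const directives = content[3].split(';').map(d => d.trim()).filter(Boolean)
    .map(d => d.split(/\s+/));
  const target = directives.find(d => d[0].toLowerCase() === directive);
  if (!target) return { html, changed: false, reason: 'no-directive' };
  if (target.includes(source)) return { html, changed: false, reason: 'already-present' };

  // 'none' must stand alone in a source list, so drop it before adding a source.
  const none = target.indexOf("'none'");
  if (none > 0) target.splice(none, 1);
  target.push(source);

  const policy = directives.map(d => d.join(' ')).join('; ');
  const newMeta = meta[0].replace(CONTENT_RE, (m, attr, q) => attr + q + policy + q);
  const patched = html.slice(0, meta.index) + newMeta + html.slice(meta.index + meta[0].length);
  return { html: patched, changed: true, reason: 'added' };
}

// Only the BlackBerry build gets the extra source; every other platform's
// page is returned untouched, so the port never appears in its policy.
function patchForPlatform(html, platform) {
  if (platform !== 'blackberry10') return { html, changed: false, reason: 'other-platform' };
  return ensureCspSource(html, 'default-src', BB_SOURCE);
}

// Constructed sample page, not taken from the template under discussion.
const SAMPLE_HTML = [
  '<html><head>',
  '<meta http-equiv="Content-Security-Policy" content="default-src \'self\' data:; style-src \'self\' \'unsafe-inline\'">',
  '</head><body></body></html>'
].join('\n');

for (const p of ['android', 'blackberry10']) {
  console.log(p, patchForPlatform(SAMPLE_HTML, p).reason);
}
```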

