cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tommy-Carlos Williams <to...@devgeeks.org>
Subject Re: [iOS] proposed major whitelist change
Date Wed, 26 Aug 2015 14:34:45 GMT
+1 from me. 



> On 26 Aug 2015, at 23:13, Shazron <shazron@gmail.com> wrote:
> 
> Any objections or further feedback? If not I will move on to what we seem
> to have consensus about:
> 
> If there are no <access> entries, then network requests are wide open
> (wildcard * default) and security is handled via CSP.
> We would recommend no <access> entries to be used, users should use CSP.
> 
>> On Tue, Aug 11, 2015 at 7:01 PM, Shazron <shazron@gmail.com> wrote:
>> 
>> 
>> So, is the whitelist plugin network request list "*" with no <access>
>>> entries, or
>>> "*" because of the <access> entry added to the default project?
>> 
>> 
>> "*" would be the default. So if there are no <access> entries, it would be
>> added. If the default project had the <access> wildcard, then no change
>> (since that is the default anyway).
>> 
>> The old way you would need an explicit <access> entry wildcard for
>> unrestricted native and web code access -- the new way is unrestricted
>> native code access (unless set explicitly), and CSP for web code access.
>> 

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
For additional commands, e-mail: dev-help@cordova.apache.org


Mime
View raw message