cordova-dev mailing list archives

From Shazron <>
Subject Re: [iOS] proposed major whitelist change
Date Wed, 26 Aug 2015 13:13:15 GMT
Any objections or further feedback? If not I will move on to what we seem
to have consensus about:

If there are no <access> entries, then network requests are wide open
(wildcard * default) and security is handled via CSP.
We would recommend that no <access> entries be used; users should use CSP.

On Tue, Aug 11, 2015 at 7:01 PM, Shazron <> wrote:

>> So, is the whitelist plugin network request list "*" with no <access>
>> entries, or
>> "*" because of the <access> entry added to the default project?
> "*" would be the default. So if there are no <access> entries, it would be
> added. If the default project had the <access> wildcard, then no change
> (since that is the default anyway).
> The old way you would need an explicit <access> entry wildcard for
> unrestricted native and web code access -- the new way is unrestricted
> native code access (unless set explicitly), and CSP for web code access.
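
The default described in this message can be checked mechanically. The following audit sketch is an added example, not part of the original thread and not Cordova's own code: it computes the effective `<access>` list under the proposed rule and reports whether the app's HTML declares a CSP. The `origin` attribute, the widgets XML namespace, the function names and the sample documents are assumptions of the example.

```python
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

WIDGET_NS = "{http://www.w3.org/ns/widgets}"  # assumed config.xml namespace

# Constructed sample inputs (not taken from any real project).
CONFIG_NO_ACCESS = ('<widget xmlns="http://www.w3.org/ns/widgets" '
                    'id="com.example.app"><name>Demo</name></widget>')
CONFIG_LISTED = ('<widget xmlns="http://www.w3.org/ns/widgets" id="com.example.app">'
                 '<access origin="https://api.example.com" /></widget>')
HTML_NO_CSP = "<html><head><title>Demo</title></head><body></body></html>"
HTML_WITH_CSP = ('<html><head><meta http-equiv="Content-Security-Policy" '
                 'content="default-src \'self\'; connect-src https://api.example.com">'
                 '</head><body></body></html>')


class _CSPFinder(HTMLParser):
    """Collects the content of <meta http-equiv="Content-Security-Policy"> tags."""

    def __init__(self):
        super().__init__()
        self.policies = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "content-security-policy":
            self.policies.append(a.get("content", ""))


def effective_access(config_xml):
    """Origins allowed for network requests under the proposed rule:
    no <access> entries means the wildcard "*" is the default."""
    root = ET.fromstring(config_xml)
    origins = [e.get("origin") for e in root.iter()
               if e.tag in ("access", WIDGET_NS + "access") and e.get("origin")]
    return origins or ["*"]


def audit(config_xml, index_html):
    """Summarise both layers; 'unrestricted' is this example's own criterion:
    wildcard access and no CSP, so nothing limits network requests."""
    origins = effective_access(config_xml)
    finder = _CSPFinder()
    finder.feed(index_html)
    wide_open = "*" in origins
    has_csp = bool(finder.policies)
    return {"origins": origins, "wide_open": wide_open, "has_csp": has_csp,
            "unrestricted": wide_open and not has_csp}
```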
