cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From julio cesar sanchez <jcesarmob...@gmail.com>
Subject Re: [DISCUSS] Proposal to Remove the Cordova iOS Native Whitelist
Date Wed, 11 Nov 2015 08:44:24 GMT
Ahh, missed that, thanks Shazron!

2015-11-11 1:39 GMT+01:00 Shazron <shazron@gmail.com>:

> This is handled by this:
>
> https://github.com/apache/cordova-ios/tree/master/CordovaLib/Classes/Private/Plugins/CDVSystemSchemes
>
> Doc:
>
> https://github.com/apache/cordova-docs/commit/80906ac23c77f4ce7a5d330b28fba803736c7253
>
> On Tue, Nov 10, 2015 at 7:41 AM, julio cesar sanchez
> <jcesarmobile@gmail.com> wrote:
> > What about url schemes? I suppose they won't work unless we allow them
> > using the CSP, but, do we have code to handle them?
> >
> > I've been looking on the source code and
> *CDVUIWebViewNavigationDelegate.m,
> > *on *shouldStartLoadWithRequest* ask *CDVViewController.m* for*
> > shouldOpenExternalURL *that queries all the plugins for
> > *shouldOpenExternalURL* method and uses *[[UIApplication
> sharedApplication]
> > openURL:url];* to open the app.
> >
> >
> > Anyway, the old legacy whitelist return *YES* only for *tel *scheme*,
> *and
> > the new whitelist doesn't include that method, so I don't think removing
> > the plugin will break anything, but is it already broken?
> >
> > or we should use the inAppBrowser plugins with _system to open other apps
> > instead of the whitelist?
> >
> >
> >
> >
> > 2015-11-10 3:18 GMT+01:00 Shazron <shazron@gmail.com>:
> >
> >> Filed https://issues.apache.org/jira/browse/CB-9972
> >>
> >> On Mon, Nov 9, 2015 at 5:18 PM, Carlos Santana <csantana23@gmail.com>
> >> wrote:
> >> > Shaz,
> >> >    Got some feedback but so far nothing extreme to block your
> proposal.
> >> >
> >> > The only concerned was my comments around iOS8 and lower and it looks
> >> like CSP is the level of security it will get and that's fine.
> >> >
> >> >  +1 to move forward
> >> >
> >> > - Carlos
> >> > @csantanapr
> >> >
> >> >> On Nov 9, 2015, at 8:13 PM, Shazron <shazron@gmail.com> wrote:
> >> >>
> >> >> Any updates on your end Carlos? Anyone else have any concerns? I'm
> >> >> preparing a PR for review soon.
> >> >>
> >> >>> On Wed, Nov 4, 2015 at 2:42 PM, Carlos Santana <
> csantana23@gmail.com>
> >> wrote:
> >> >>> currently evaluating with some other folks at work, will provide
> >> feedback
> >> >>> soon.
> >> >>>
> >> >>> On Tue, Nov 3, 2015 at 11:07 PM Tommy-Carlos Williams <
> >> tommy@devgeeks.org>
> >> >>> wrote:
> >> >>>
> >> >>>> +1 to letting the OS handle it.
> >> >>>>
> >> >>>>> On 4 Nov 2015, at 12:44, Jesse <purplecabbage@gmail.com>
wrote:
> >> >>>>>
> >> >>>>> I completely support the proposal!
> >> >>>>>
> >> >>>>>
> >> >>>>> @purplecabbage
> >> >>>>> risingj.com
> >> >>>>>
> >> >>>>>> On Tue, Nov 3, 2015 at 5:35 PM, Shazron <shazron@gmail.com>
> wrote:
> >> >>>>>>
> >> >>>>>> BUMP. This is important, and is causing a lot of pain
for our
> users.
> >> >>>>>> For example:
> >> >>>>>>
> >> >>>>
> >>
> https://github.com/jessemonroy650/top-phonegap-mistakes/blob/master/the-whitelist-system.md
> >> >>>>>>
> >> >>>>>>
> >> >>>>>>> On Mon, Nov 2, 2015 at 5:38 PM, Shazron <shazron@gmail.com>
> wrote:
> >> >>>>>>> To view contents of the PR easily:
> >> >>>>>>
> >> >>>>
> >>
> https://github.com/shazron/cordova-discuss/blob/da7af6606848a1b7d96f4d5ee5402360bf5fd53c/proposals/ios-whitelist-removal.md
> >> >>>>>>>
> >> >>>>>>>> On Mon, Nov 2, 2015 at 5:36 PM, Shazron <shazron@gmail.com>
> >> wrote:
> >> >>>>>>>> PR sent: https://github.com/cordova/cordova-discuss/pull/27
> >> >>>>>>>>
> >> >>>>>>>>> On Mon, Nov 2, 2015 at 5:21 PM, Shazron
<shazron@gmail.com>
> >> wrote:
> >> >>>>>>>>> Sorry everyone -- I'm structuring it as
a PR and will revert
> my
> >> >>>>>>>>> commits. Will be easier to comment that
way
> >> >>>>>>>>>
> >> >>>>>>>>>> On Mon, Nov 2, 2015 at 5:05 PM, Shazron
<shazron@gmail.com>
> >> wrote:
> >> >>>>>>
> >> >>>>
> >>
> https://github.com/cordova/cordova-discuss/blob/master/proposals/ios-whitelist-removal.md
> >> >>>>>>>>>>
> >> >>>>>>>>>> Comment here or there, etc. I've included
flowcharts...
> >> >>>>>>>>>>
> >> >>>>>>>>>> tldr; remove the whitelist in cordova-ios-4.x.
we are not
> good
> >> at
> >> >>>>>>>>>> security, let the OS handle it.
> >> >>>>>>
> >> >>>>>>
> >> ---------------------------------------------------------------------
> >> >>>>>> To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
> >> >>>>>> For additional commands, e-mail: dev-help@cordova.apache.org
> >> >>>>>>
> >> >>>>>>
> >> >>>>
> >> >>>>
> ---------------------------------------------------------------------
> >> >>>> To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
> >> >>>> For additional commands, e-mail: dev-help@cordova.apache.org
> >> >>>>
> >> >>>>
> >> >>
> >> >> ---------------------------------------------------------------------
> >> >> To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
> >> >> For additional commands, e-mail: dev-help@cordova.apache.org
> >> >>
> >> >
> >> > ---------------------------------------------------------------------
> >> > To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
> >> > For additional commands, e-mail: dev-help@cordova.apache.org
> >> >
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
> >> For additional commands, e-mail: dev-help@cordova.apache.org
> >>
> >>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
> For additional commands, e-mail: dev-help@cordova.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message