From: Shazron
Date: Wed, 11 Nov 2015 16:17:37 -0800
Subject: Re: [DISCUSS] Proposal to Remove the Cordova iOS Native Whitelist
To: "dev@cordova.apache.org"

https://issues.apache.org/jira/browse/CB-9972

3 pull requests sent for review:
1. https://github.com/apache/cordova-ios/pull/181
2. https://github.com/apache/cordova-plugin-whitelist/pull/16
3. https://github.com/apache/cordova-mobile-spec/pull/133

On Wed, Nov 11, 2015 at 12:44 AM, julio cesar sanchez wrote:

> Ahh, missed that, thanks Shazron!
>
> 2015-11-11 1:39 GMT+01:00 Shazron :
>
>> This is handled by this:
>>
>> https://github.com/apache/cordova-ios/tree/master/CordovaLib/Classes/Private/Plugins/CDVSystemSchemes
>>
>> Doc:
>>
>> https://github.com/apache/cordova-docs/commit/80906ac23c77f4ce7a5d330b28fba803736c7253
>>
>> On Tue, Nov 10, 2015 at 7:41 AM, julio cesar sanchez wrote:
>> > What about url schemes? I suppose they won't work unless we allow them
>> > using the CSP, but, do we have code to handle them?
>> >
>> > I've been looking on the source code and *CDVUIWebViewNavigationDelegate.m*,
>> > on *shouldStartLoadWithRequest*, asks *CDVViewController.m* for
>> > *shouldOpenExternalURL* that queries all the plugins for
>> > *shouldOpenExternalURL* method and uses
>> > *[[UIApplication sharedApplication] openURL:url];* to open the app.
>> >
>> > Anyway, the old legacy whitelist returns *YES* only for *tel* scheme, and
>> > the new whitelist doesn't include that method, so I don't think removing
>> > the plugin will break anything, but is it already broken?
>> >
>> > or we should use the inAppBrowser plugins with _system to open other apps
>> > instead of the whitelist?
>> >
>> > 2015-11-10 3:18 GMT+01:00 Shazron :
>> >
>> >> Filed https://issues.apache.org/jira/browse/CB-9972
>> >>
>> >> On Mon, Nov 9, 2015 at 5:18 PM, Carlos Santana wrote:
>> >> > Shaz,
>> >> > Got some feedback but so far nothing extreme to block your proposal.
>> >> >
>> >> > The only concern was my comments around iOS8 and lower and it looks
>> >> > like CSP is the level of security it will get and that's fine.
>> >> >
>> >> > +1 to move forward
>> >> >
>> >> > - Carlos
>> >> > @csantanapr
>> >> >
>> >> >> On Nov 9, 2015, at 8:13 PM, Shazron wrote:
>> >> >>
>> >> >> Any updates on your end Carlos? Anyone else have any concerns? I'm
>> >> >> preparing a PR for review soon.
>> >> >>
>> >> >>> On Wed, Nov 4, 2015 at 2:42 PM, Carlos Santana <csantana23@gmail.com> wrote:
>> >> >>> currently evaluating with some other folks at work, will provide
>> >> >>> feedback soon.
>> >> >>>
>> >> >>> On Tue, Nov 3, 2015 at 11:07 PM Tommy-Carlos Williams <tommy@devgeeks.org> wrote:
>> >> >>>
>> >> >>>> +1 to letting the OS handle it.
>> >> >>>>
>> >> >>>>> On 4 Nov 2015, at 12:44, Jesse wrote:
>> >> >>>>>
>> >> >>>>> I completely support the proposal!
>> >> >>>>>
>> >> >>>>> @purplecabbage
>> >> >>>>> risingj.com
>> >> >>>>>
>> >> >>>>>> On Tue, Nov 3, 2015 at 5:35 PM, Shazron wrote:
>> >> >>>>>>
>> >> >>>>>> BUMP. This is important, and is causing a lot of pain for our users.
>> >> >>>>>> For example:
>> >> >>>>>> https://github.com/jessemonroy650/top-phonegap-mistakes/blob/master/the-whitelist-system.md
>> >> >>>>>>
>> >> >>>>>>> On Mon, Nov 2, 2015 at 5:38 PM, Shazron wrote:
>> >> >>>>>>> To view contents of the PR easily:
>> >> >>>>>>> https://github.com/shazron/cordova-discuss/blob/da7af6606848a1b7d96f4d5ee5402360bf5fd53c/proposals/ios-whitelist-removal.md
>> >> >>>>>>>
>> >> >>>>>>>> On Mon, Nov 2, 2015 at 5:36 PM, Shazron wrote:
>> >> >>>>>>>> PR sent: https://github.com/cordova/cordova-discuss/pull/27
>> >> >>>>>>>>
>> >> >>>>>>>>> On Mon, Nov 2, 2015 at 5:21 PM, Shazron wrote:
>> >> >>>>>>>>> Sorry everyone -- I'm structuring it as a PR and will revert my
>> >> >>>>>>>>> commits. Will be easier to comment that way
>> >> >>>>>>>>>
>> >> >>>>>>>>>> On Mon, Nov 2, 2015 at 5:05 PM, Shazron wrote:
>> >> >>>>>>>>>> https://github.com/cordova/cordova-discuss/blob/master/proposals/ios-whitelist-removal.md
>> >> >>>>>>>>>>
>> >> >>>>>>>>>> Comment here or there, etc. I've included flowcharts...
>> >> >>>>>>>>>>
>> >> >>>>>>>>>> tldr; remove the whitelist in cordova-ios-4.x. we are not good at
>> >> >>>>>>>>>> security, let the OS handle it.
>> >> >>>>>>
>> >> >>>>>> ---------------------------------------------------------------------
>> >> >>>>>> To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
>> >> >>>>>> For additional commands, e-mail: dev-help@cordova.apache.org