cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Shakhnazarov (Akvelon)" <>
Subject Android cdvfile: whitelisting
Date Mon, 30 May 2016 13:58:44 GMT
Hello dev list,

I would like to discuss cdvfile: protocol whitelisting - whether it should be allowed by default.

Looking into the issue CB-11305 [1] I've patched the file plugin Android code to enable cdvfile:
in DOM requests and added a corresponding test.

The test was failing in paramedic on Android because the default template does not allow cdvfile:
access, so we need to add it to config.xml as an allow-navigation tag (or as an access tag
+ CSP rule).

Mobilespec test app used custom config.xml [2].

There is also an old PR to the whitelist plugin allowing cdvfile: and content: schemes [3].

An alternative can be to include the allow-navigation tag to Android section of the File plugin.xml
[4] (it's the way the PR for CB-11305 is done now).

So what do you think about these 2 options?

1.      Allow cdvfile: in Android whitelist by default,

2.      Allow cdvfile: in Android section of File plugin.xml by default using allow-navigation





Best regards,

Sergey Shakhnazarov.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message