Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 4A7102009E8 for ; Mon, 30 May 2016 15:58:57 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 48E3F160A19; Mon, 30 May 2016 13:58:57 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 6C0C7160969 for ; Mon, 30 May 2016 15:58:56 +0200 (CEST) Received: (qmail 29739 invoked by uid 500); 30 May 2016 13:58:55 -0000 Mailing-List: contact dev-help@cordova.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cordova.apache.org Delivered-To: mailing list dev@cordova.apache.org Received: (qmail 29727 invoked by uid 99); 30 May 2016 13:58:54 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 30 May 2016 13:58:54 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 80FFA1A47C7 for ; Mon, 30 May 2016 13:58:54 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.147 X-Spam-Level: ** X-Spam-Status: No, score=2.147 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, KAM_LOTSOFHASH=0.25, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd2-us-west.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com Received: from mx2-lw-us.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id olliEnZ3mKJX for ; Mon, 30 May 2016 13:58:52 +0000 (UTC) Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0129.outbound.protection.outlook.com [207.46.100.129]) by mx2-lw-us.apache.org (ASF Mail Server at mx2-lw-us.apache.org) with ESMTPS id 1DCCB5F241 for ; Mon, 30 May 2016 13:58:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=hXlX6e9FmcQx2fc4ZMadrHNdQ1Nf7Rq7TUZJC2AjItc=; b=DxVR6N8xHPF0bm55fqlUEHdTBhiFSHNgfHUDOdOyEHwlJoBMbva36zOQvDyv/afwIBm8mesjokS7CpyNeCaGljbuWGFTbvFlfKuFTvEwHYE95EeNccSEmqZUh2ZG0Iw2QbEKmcoMpKo11R2nSeZzkUYNKqJ+pdJHZpyltYn5y1I= Received: from BL2PR03MB579.namprd03.prod.outlook.com (10.141.93.11) by BL2PR03MB580.namprd03.prod.outlook.com (10.141.93.145) with Microsoft SMTP Server (TLS) id 15.1.497.12; Mon, 30 May 2016 13:58:44 +0000 Received: from BL2PR03MB579.namprd03.prod.outlook.com ([10.141.93.11]) by BL2PR03MB579.namprd03.prod.outlook.com ([10.141.93.11]) with mapi id 15.01.0506.011; Mon, 30 May 2016 13:58:44 +0000 From: "Sergey Shakhnazarov (Akvelon)" To: "dev@cordova.apache.org" Subject: Android cdvfile: whitelisting Thread-Topic: Android cdvfile: whitelisting Thread-Index: AdG6ezlaAwF87pd7SB2zA73AG2mYoQ== Date: Mon, 30 May 2016 13:58:44 +0000 Message-ID: Accept-Language: ru-RU, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: cordova.apache.org; dkim=none (message not signed) header.d=none;cordova.apache.org; dmarc=none action=none header.from=microsoft.com; x-originating-ip: [178.20.183.194] x-ms-office365-filtering-correlation-id: 508c3868-9a26-4fcf-363d-08d38892838c x-microsoft-exchange-diagnostics: 1;BL2PR03MB580;5:aYHhR/doPyw6MoppaKs0VgQ6N++PtKQCwaPMgxE874GTHBLo5uDezGREE99arjSgczlF1r4e9YcvjW8RhCMgx8Rsa39CvYi8AfdWPC2KEZyTK0PS0BnqkCGAzLv/1kn4rYmL2qN5Au4aVfRxqCg3SQ==;24:JVyyFw3R3zc08qvyHLTiD12nElLHnf7n91NIdJxYwYeJurXGxo6FPTrmuqCyNHtRlJT1wCWS4AQSsImRJ0gYViUhY9KUJ9y7X/IL11pzOvY=;7:G5w5FdtS7JHrGGsHSYo/rN5sV8SDgphV1MYYEyobHm5CtIObYYL4vKQshr+TFOrczmT4mt3qeROj8IXkTt6J74XUmToHVQJ6Ts5JPd2Y+28OEYjKQL0LE6SwvNY4kulaLkMBNcAfijX/O613f5LHmcyc3ivw6+HOCOtKD+SotQ+uYIe9qWH4lr8C1cCzZcrptTCm+I7b74JIGlOq+b5sIA== x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BL2PR03MB580; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(134217032509453)(166708455590820)(21748063052155); x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(61425038)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6055026)(61426038)(61427038);SRVR:BL2PR03MB580;BCL:0;PCL:0;RULEID:;SRVR:BL2PR03MB580; x-forefront-prvs: 09583628E0 x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(76104003)(8936002)(19617315012)(19625215002)(5008740100001)(33656002)(81166006)(586003)(10090500001)(450100001)(19300405004)(122556002)(2906002)(99286002)(66066001)(5004730100002)(1220700001)(2351001)(87936001)(8990500004)(77096005)(86362001)(229853001)(10290500002)(9686002)(74316001)(76576001)(16236675004)(6116002)(107886002)(11100500001)(102836003)(2900100001)(50986999)(19580395003)(92566002)(189998001)(3280700002)(2501003)(54356999)(5002640100001)(15975445007)(790700001)(110136002)(3846002)(1730700003)(8676002)(5005710100001)(3660700001)(10400500002)(5003600100002);DIR:OUT;SFP:1102;SCL:1;SRVR:BL2PR03MB580;H:BL2PR03MB579.namprd03.prod.outlook.com;FPR:;SPF:None;MLV:sfv;LANG:en; spamdiagnosticoutput: 1:23 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_BL2PR03MB579510E356EA4E39F0181CE9D450BL2PR03MB579namprd_" MIME-Version: 1.0 X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-originalarrivaltime: 30 May 2016 13:58:44.0635 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL2PR03MB580 archived-at: Mon, 30 May 2016 13:58:57 -0000 --_000_BL2PR03MB579510E356EA4E39F0181CE9D450BL2PR03MB579namprd_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hello dev list, I would like to discuss cdvfile: protocol whitelisting - whether it should = be allowed by default. Looking into the issue CB-11305 [1] I've patched the file plugin Android co= de to enable cdvfile: in DOM requests and added a corresponding test. The test was failing in paramedic on Android because the default template d= oes not allow cdvfile: access, so we need to add it to config.xml as an all= ow-navigation tag (or as an access tag + CSP rule). Mobilespec test app used custom config.xml [2]. There is also an old PR to the whitelist plugin allowing cdvfile: and conte= nt: schemes [3]. An alternative can be to include the allow-navigation tag to Android sectio= n of the File plugin.xml [4] (it's the way the PR for CB-11305 is done now)= . So what do you think about these 2 options? 1. Allow cdvfile: in Android whitelist by default, 2. Allow cdvfile: in Android section of File plugin.xml by default usi= ng allow-navigation tag. [1]: https://issues.apache.org/jira/browse/CB-11305 [2]: https://github.com/apache/cordova-mobile-spec/blob/ff9f2fa3acce67ccdb2= 11d46ebb3a6d4213a7c5d/config.xml#L48 [3]: https://github.com/apache/cordova-plugin-whitelist/pull/9 [4]: https://github.com/apache/cordova-plugin-file/pull/182/commits/287158f= c844e3825ff43080ef19f94f3e585ba00#diff-53f390d375398624afe1cfe1125f42bfR126 Best regards, Sergey Shakhnazarov. --_000_BL2PR03MB579510E356EA4E39F0181CE9D450BL2PR03MB579namprd_--