cordova-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CB-9569) Support <access> and <allow-navigation> tag translation to Application Transport Security (ATS) Info.plist directives
Date Mon, 05 Oct 2015 21:19:27 GMT

    [ https://issues.apache.org/jira/browse/CB-9569?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14944070#comment-14944070
] 

ASF GitHub Bot commented on CB-9569:
------------------------------------

Github user shazron commented on the pull request:

    https://github.com/apache/cordova-lib/pull/312#issuecomment-145671308
  
    Hmm one problem that I can see is, this assumes the last item to "clobber" the ATS entry
is the last one standing. There is no merge strategy. For example:
    ```
    <access origin="https://*.google.com />
    <access origin="https://google.com />
    ```
    
    We would only pick up the last item there, were subdomains are *not* allowed. We can't
possibly decipher the intent of the user here, it is up to the user to write a coherent whitelist
policy.


> Support <access> and <allow-navigation> tag translation to Application Transport
Security (ATS) Info.plist directives
> ---------------------------------------------------------------------------------------------------------------------
>
>                 Key: CB-9569
>                 URL: https://issues.apache.org/jira/browse/CB-9569
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: CLI
>            Reporter: Shazron Abdullah
>            Assignee: Shazron Abdullah
>              Labels: cordova-ios-4.0.x
>
> By default iOS 9 that requires network connections *must* be HTTPs with certain protocols.
You would use ATS for exceptions.
> ATS:
> https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/
> http://www.neglectedpotential.com/2015/06/working-with-apples-application-transport-security/



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org


Mime
View raw message