cordova-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jakob Hormann (JIRA)" <>
Subject [jira] [Commented] (CB-10709) Allow-navigation rule for iFrame urls on cordova-ios
Date Mon, 31 Oct 2016 13:59:58 GMT


Jakob Hormann commented on CB-10709:

Hello everyone. I wanted to ask how much of chance there is to get this issue fixed some time
It would really help a lot to make iOS apps more secure while allowing all sorts of embedded
iframes from Twitter, Instagram etc.

Android works perfectly well setting
{code:xml}<allow-navigation href="file://*"/>{code}
along with
{code:xml}<allow-intent href="*"/>{code}

In iOS it prevents iframes with http(s) sources etc. See original post.


> Allow-navigation rule for iFrame urls on cordova-ios
> ----------------------------------------------------
>                 Key: CB-10709
>                 URL:
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: iOS
>    Affects Versions: 6.0.0
>            Reporter: Harsha Kiran
>            Assignee: Shazron Abdullah
>              Labels: cordova-ios-4.1.1, triaged
> Currently with Whitelist plugin set to <allow-navigation="*://*"> doesn't
allow navigation to other domains including urls embedded using iframe on iOS.
> EG: If I tried to embed a youtube video using iframe tag with only this rule  <allow-navigation="*://*">,
it doesn't allow loading of the video in iframe as is not listed in allowed domains.
> If we add <allow-navigation="*://*"> it allows the loading of iframe
but will also allow navigation to using Javascript i.e'').

> With current implementation in cordova-ios, I'm not sure if there is any solution to
allow a domain navigation in iframe and not allow navigation to that domain using other methods
like javascript.
> Android ignores the allow-navigation rule for iframe loaded urls, so iOS should be modified
to behave the same?

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message