incubator-callback-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shazron Abdullah (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CB-1412) iOS Whitelist is never used, all urls will pass the whitelist
Date Wed, 12 Sep 2012 20:29:07 GMT

    [ https://issues.apache.org/jira/browse/CB-1412?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13454327#comment-13454327
] 

Shazron Abdullah commented on CB-1412:
--------------------------------------

Yup, usually I let it run mobile-spec first in a new project _without_ adding the exceptions
in the whitelist for the tests, and there should be failed tests - in this case, all tests
passed which flagged me to the problem.

Oh, I was thinking about the InAppBrowser feature that we need to implement (which is ChildBrowser).
I mentioned the approach in one of the ML threads so I thought we can use the xhr bridge method
as well. 

I was thinking in the webView:shouldStartLoadWithRequest UIWebView delegate method can inject
the right header in the NSMutableRequest, but upon thinking about it some more, I forgot about
xhrs and resource loading, those won't be caught by the delegate. I don't know of a method
at this moment that we can "tag" a request with (what viewcontroller/uiwebview it came from)
to use the appropriate whitelist.

We want to use separate whitelists because an InAppBrowser might have different requirements
than the app itself - right now it has to share the app's whitelist. 
                
> iOS Whitelist is never used, all urls will pass the whitelist
> -------------------------------------------------------------
>
>                 Key: CB-1412
>                 URL: https://issues.apache.org/jira/browse/CB-1412
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: iOS
>    Affects Versions: 2.1.0
>            Reporter: Shazron Abdullah
>            Assignee: Shazron Abdullah
>            Priority: Blocker
>             Fix For: 2.1.0
>
>
> The line here: https://github.com/apache/incubator-cordova-ios/blob/fdf8043414e39914ffc29b682779a10fe1c147e7/CordovaLib/Classes/CDVURLProtocol.m#L87
> ... the whitelist object is nil, which will return false for the condition, allowing
the bypass.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message