You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cordova.apache.org by csantanapr <gi...@git.apache.org> on 2015/08/07 23:03:17 UTC
[GitHub] cordova-app-hello-world pull request: CB-9009 default CSP needs to...
Github user csantanapr commented on the pull request:
https://github.com/apache/cordova-app-hello-world/pull/10#issuecomment-128833712
-1
hum this looks very ugly in the template. I don't like to have this in the default template. people might think that is a security whole.
In another platform like android, not picking android then that port will be expose, it will not get intercepted because is not blackberry
some options:
1. bb plugin to implement plugin hook, this is a new type of hook that plugins can implement
If this is only required for BlackBerry, then the plugin for blackberry can implement a plugin hook to edit the index.html during after_prepare. it can parse the index.html look for the tag and if http://locahost:8472 doesn't exist then added.
2. the cordova.js for blackberry dynamically edits the csp tag in the dom
when cordova.js runs before setting up the plugin update the csp meta, I don't know if this is too late to change since index.html is already parsed, if this is not an option then take a look at option 1 above
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
For additional commands, e-mail: dev-help@cordova.apache.org