You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by ag...@apache.org on 2015/03/06 03:53:58 UTC

cordova-plugins git commit: Update README to say that TalkBack requires whitelisting on Android

Repository: cordova-plugins
Updated Branches:
  refs/heads/master 9e0db6c01 -> 9bd1282a3


Update README to say that TalkBack requires whitelisting on Android


Project: http://git-wip-us.apache.org/repos/asf/cordova-plugins/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-plugins/commit/9bd1282a
Tree: http://git-wip-us.apache.org/repos/asf/cordova-plugins/tree/9bd1282a
Diff: http://git-wip-us.apache.org/repos/asf/cordova-plugins/diff/9bd1282a

Branch: refs/heads/master
Commit: 9bd1282a31ccd5d8123a69b23042c93e62d4768c
Parents: 9e0db6c
Author: Andrew Grieve <ag...@chromium.org>
Authored: Thu Mar 5 21:53:18 2015 -0500
Committer: Andrew Grieve <ag...@chromium.org>
Committed: Thu Mar 5 21:53:18 2015 -0500

----------------------------------------------------------------------
 whitelist/README.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-plugins/blob/9bd1282a/whitelist/README.md
----------------------------------------------------------------------
diff --git a/whitelist/README.md b/whitelist/README.md
index 1b4fe34..09224c6 100644
--- a/whitelist/README.md
+++ b/whitelist/README.md
@@ -89,7 +89,9 @@ In `config.xml`, add `<access>` tags, like this:
     <!-- Don't block any requests -->
     <access origin="*" />
 
-Without any `<access>` tags, only requests to `file://` URLs are allowed. However, the default cordova application should include `<access origin="*">` by default.
+Without any `<access>` tags, only requests to `file://` URLs are allowed. However, the default Cordova application includes `<access origin="*">` by default.
+
+Quirk: Android also allows requests to https://ssl.gstatic.com/accessibility/javascript/android/ by default, since this is required for TalkBack to function properly.
 
 ### Content Security Policy
 Controls which network requests (images, XHRs, etc) are allowed to be made (via webview directly).
@@ -106,6 +108,9 @@ Here are some example CSP declarations for your `.html` pages:
     <!-- Enable all requests, inline styles, and eval() -->
     <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src: 'self' 'unsafe-inline' 'unsafe-eval' "/>
 
+    <!-- Allow requests to https://ssl.gstatic.com/accessibility/javascript/android/ (required for TalkBack on Android) -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' https://ssl.gstatic.com/accessibility/javascript/android/"/>
+
     <!-- Allow XHRs via https only -->
     <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:"/>
 


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org