You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by mm...@apache.org on 2015/03/03 19:11:37 UTC
cordova-plugins git commit: Update url-policy README to describe
tag for non CSP webviews
Repository: cordova-plugins
Updated Branches:
refs/heads/master f7019821e -> 3ed17046e
Update url-policy README to describe <access> tag for non CSP webviews
Project: http://git-wip-us.apache.org/repos/asf/cordova-plugins/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-plugins/commit/3ed17046
Tree: http://git-wip-us.apache.org/repos/asf/cordova-plugins/tree/3ed17046
Diff: http://git-wip-us.apache.org/repos/asf/cordova-plugins/diff/3ed17046
Branch: refs/heads/master
Commit: 3ed17046ea7efaeccda4c4ffe82bb351e8b966f1
Parents: f701982
Author: Michal Mocny <mm...@gmail.com>
Authored: Tue Mar 3 13:11:18 2015 -0500
Committer: Michal Mocny <mm...@gmail.com>
Committed: Tue Mar 3 13:11:18 2015 -0500
----------------------------------------------------------------------
url-policy/README.md | 2 ++
1 file changed, 2 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cordova-plugins/blob/3ed17046/url-policy/README.md
----------------------------------------------------------------------
diff --git a/url-policy/README.md b/url-policy/README.md
index b27a948..84d6e75 100644
--- a/url-policy/README.md
+++ b/url-policy/README.md
@@ -61,6 +61,8 @@ In `config.xml`, add `<allow-intent>` tags, like this:
## Network Request Whitelist
Controls which network requests (images, XHRs, etc) are allowed to be made.
+Note: Please use a Content Security Policy (see below) instead (or also), since it is more secure. This whitelist is mostly historical for webviews which do not support CSP.
+
By default, only requests to `file://` URLs are allowed.
In `config.xml`, add `<access>` tags, like this:
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org