You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by ag...@apache.org on 2015/03/03 03:29:56 UTC
cordova-plugins git commit: Add notes about data: within url-policy
plugin
Repository: cordova-plugins
Updated Branches:
refs/heads/master e5ed4cd27 -> 9e6a77805
Add notes about data: within url-policy plugin
Project: http://git-wip-us.apache.org/repos/asf/cordova-plugins/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-plugins/commit/9e6a7780
Tree: http://git-wip-us.apache.org/repos/asf/cordova-plugins/tree/9e6a7780
Diff: http://git-wip-us.apache.org/repos/asf/cordova-plugins/diff/9e6a7780
Branch: refs/heads/master
Commit: 9e6a778053e2e79fa3a9d9f58dc4456cc9e59a41
Parents: e5ed4cd
Author: Andrew Grieve <ag...@chromium.org>
Authored: Mon Mar 2 21:29:40 2015 -0500
Committer: Andrew Grieve <ag...@chromium.org>
Committed: Mon Mar 2 21:29:40 2015 -0500
----------------------------------------------------------------------
url-policy/README.md | 6 +++++-
url-policy/src/android/UrlPolicyPlugin.java | 1 +
2 files changed, 6 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cordova-plugins/blob/9e6a7780/url-policy/README.md
----------------------------------------------------------------------
diff --git a/url-policy/README.md b/url-policy/README.md
index 866271a..b5db680 100644
--- a/url-policy/README.md
+++ b/url-policy/README.md
@@ -23,9 +23,10 @@ other schemes, you must add `<allow-navigation>` tags to your `config.xml`:
*NOT RECOMMENDED* -->
<allow-navigation href="*" />
- <!-- The above is equivalent to these two declarations -->
+ <!-- The above is equivalent to these three declarations -->
<allow-navigation href="http://*/*" />
<allow-navigation href="https://*/*" />
+ <allow-navigation href="data:*" />
## Intent Whitelist
Controls which URLs the app is allowed to ask the system to open.
@@ -98,3 +99,6 @@ Here are some example CSP declarations for your `.html` pages:
<!-- Allow XHRs via https only -->
<meta http-equiv="Content-Security-Policy" content="default-src 'self' https:"/>
+ <!-- Allow data: URLs within iframes -->
+ <!-- Note: You would also need an <allow-navigation href="data:*" /> in your config.xml -->
+ <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' data:"/>
http://git-wip-us.apache.org/repos/asf/cordova-plugins/blob/9e6a7780/url-policy/src/android/UrlPolicyPlugin.java
----------------------------------------------------------------------
diff --git a/url-policy/src/android/UrlPolicyPlugin.java b/url-policy/src/android/UrlPolicyPlugin.java
index 8b29f79..6715224 100644
--- a/url-policy/src/android/UrlPolicyPlugin.java
+++ b/url-policy/src/android/UrlPolicyPlugin.java
@@ -76,6 +76,7 @@ public class UrlPolicyPlugin extends CordovaPlugin {
if ("*".equals(origin)) {
allowedNavigations.addWhiteListEntry("http://*/*", false);
allowedNavigations.addWhiteListEntry("https://*/*", false);
+ allowedNavigations.addWhiteListEntry("data:*", false);
} else {
allowedNavigations.addWhiteListEntry(origin, false);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org