You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by "Harsha Kiran (JIRA)" <ji...@apache.org> on 2016/03/06 00:21:40 UTC
[jira] [Updated] (CB-10709) Allow-navigation rule for iFrame urls
on cordova-ios
[ https://issues.apache.org/jira/browse/CB-10709?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Harsha Kiran updated CB-10709:
------------------------------
Description:
Currently with Whitelist plugin set to <allow-navigation="*://domain.com/*"> doesn't allow navigation to other domains including urls embedded using iframe on iOS.
EG: If I tried to embed a youtube video using iframe tag with only this rule <allow-navigation="*://domain.com/*">, it doesn't allow loading of the video in iframe as youtube.com is not listed in allowed domains.
If we add <allow-navigation="*://youtube.com/*"> it allows the loading of iframe but will also allow navigation to youtube.com using Javascript i.e window.open('http://youtube.com').
With current implementation in cordova-ios, I'm not sure if there is any solution to allow a domain navigation in iframe and not allow navigation to that domain using other methods like javascript.
Android ignores the allow-navigation rule for iframe loaded urls, so iOS should be modified to behave the same?
was:
Currently with Whitelist plugin set to <allow-navigation="*://domain.com/*"> doesn't allow navigation to other domains embedded using iframe on iOS
EG: youtube video embedded using iframe tag.
Adding <allow-navigation="*://youtube.com/*"> will allow the loading of iframe but will also allow navigation to youtube.com using Javascript i.e window.open('http://youtube.com').
With current implementation in cordova-ios, I'm not sure if there is any solution to allowing a domain navigation in iframe only and not allow the domain navigation using other methods like javascript.
Android ignores the allow-navigation rule for iframe loaded urls, so iOS should be modified to behave the same?
> Allow-navigation rule for iFrame urls on cordova-ios
> ----------------------------------------------------
>
> Key: CB-10709
> URL: https://issues.apache.org/jira/browse/CB-10709
> Project: Apache Cordova
> Issue Type: Bug
> Components: iOS, Plugin Whitelist
> Affects Versions: 6.0.0
> Reporter: Harsha Kiran
> Priority: Critical
> Labels: cordova-ios-4.1.1, triaged
>
> Currently with Whitelist plugin set to <allow-navigation="*://domain.com/*"> doesn't allow navigation to other domains including urls embedded using iframe on iOS.
> EG: If I tried to embed a youtube video using iframe tag with only this rule <allow-navigation="*://domain.com/*">, it doesn't allow loading of the video in iframe as youtube.com is not listed in allowed domains.
> If we add <allow-navigation="*://youtube.com/*"> it allows the loading of iframe but will also allow navigation to youtube.com using Javascript i.e window.open('http://youtube.com').
> With current implementation in cordova-ios, I'm not sure if there is any solution to allow a domain navigation in iframe and not allow navigation to that domain using other methods like javascript.
> Android ignores the allow-navigation rule for iframe loaded urls, so iOS should be modified to behave the same?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org