You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by ag...@apache.org on 2015/03/03 03:33:07 UTC
cordova-plugins git commit: Tweak url-policy readme
Repository: cordova-plugins
Updated Branches:
refs/heads/master 9e6a77805 -> 1f5aa23f9
Tweak url-policy readme
Project: http://git-wip-us.apache.org/repos/asf/cordova-plugins/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-plugins/commit/1f5aa23f
Tree: http://git-wip-us.apache.org/repos/asf/cordova-plugins/tree/1f5aa23f
Diff: http://git-wip-us.apache.org/repos/asf/cordova-plugins/diff/1f5aa23f
Branch: refs/heads/master
Commit: 1f5aa23f9eb878a9f4bb15bf0cc64f255cbb7947
Parents: 9e6a778
Author: Andrew Grieve <ag...@chromium.org>
Authored: Mon Mar 2 21:32:59 2015 -0500
Committer: Andrew Grieve <ag...@chromium.org>
Committed: Mon Mar 2 21:32:59 2015 -0500
----------------------------------------------------------------------
url-policy/README.md | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cordova-plugins/blob/1f5aa23f/url-policy/README.md
----------------------------------------------------------------------
diff --git a/url-policy/README.md b/url-policy/README.md
index b5db680..b27a948 100644
--- a/url-policy/README.md
+++ b/url-policy/README.md
@@ -30,6 +30,7 @@ other schemes, you must add `<allow-navigation>` tags to your `config.xml`:
## Intent Whitelist
Controls which URLs the app is allowed to ask the system to open.
+By default, no external URLs are allowed.
On Android, this equates to sending an intent of type BROWSEABLE.
@@ -81,9 +82,9 @@ In `config.xml`, add `<access>` tags, like this:
<access origin="*" />
### Content Security Policy
-The network whitelist is not able to filter all types of requests (e.g.
+On Android and iOS, the network whitelist is not able to filter all types of requests (e.g.
`<video>` & WebSockets are not blocked). So, in addition to the whitelist,
- you use a [Content Security Policy](http://content-security-policy.com/) `<meta>` tag
+you should use a [Content Security Policy](http://content-security-policy.com/) `<meta>` tag
on all of your pages.
On Android, support for CSP within the system webview starts with KitKat.
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org