You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cordova.apache.org by "Andrew Grieve (JIRA)" <ji...@apache.org> on 2012/09/12 15:01:07 UTC

[jira] [Commented] (CB-1412) iOS Whitelist is never used, all urls will pass the whitelist

    [ https://issues.apache.org/jira/browse/CB-1412?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13453969#comment-13453969 ] 

Andrew Grieve commented on CB-1412:
-----------------------------------

Whoops, nice catch. Was this caught by a mobile-spec test?

I don't think the note in there about using the vc header to distinguish webviews will work. That header exists only when it is set explicitly by the exec() xhr. Maybe we could use the referrer header. Not sure.
                
> iOS Whitelist is never used, all urls will pass the whitelist
> -------------------------------------------------------------
>
>                 Key: CB-1412
>                 URL: https://issues.apache.org/jira/browse/CB-1412
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: iOS
>    Affects Versions: 2.1.0
>            Reporter: Shazron Abdullah
>            Assignee: Shazron Abdullah
>            Priority: Blocker
>             Fix For: 2.1.0
>
>
> The line here: https://github.com/apache/incubator-cordova-ios/blob/fdf8043414e39914ffc29b682779a10fe1c147e7/CordovaLib/Classes/CDVURLProtocol.m#L87
> ... the whitelist object is nil, which will return false for the condition, allowing the bypass.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira