[
https://issues.apache.org/jira/browse/CB-1412?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13453969#comment-13453969
]
Andrew Grieve commented on CB-1412:
-----------------------------------
Whoops, nice catch. Was this caught by a mobile-spec test?
I don't think the note in there about using the vc header to distinguish
webviews will work. That header exists only when it is set explicitly by the
exec() xhr. Maybe we could use the referrer header. Not sure.
> iOS Whitelist is never used, all urls will pass the whitelist
> -------------------------------------------------------------
>
> Key: CB-1412
> URL: https://issues.apache.org/jira/browse/CB-1412
> Project: Apache Cordova
> Issue Type: Bug
> Components: iOS
> Affects Versions: 2.1.0
> Reporter: Shazron Abdullah
> Assignee: Shazron Abdullah
> Priority: Blocker
> Fix For: 2.1.0
>
>
> The line here:
> https://github.com/apache/incubator-cordova-ios/blob/fdf8043414e39914ffc29b682779a10fe1c147e7/CordovaLib/Classes/CDVURLProtocol.m#L87
> ... the whitelist object is nil, which will return false for the condition,
> allowing the bypass.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
