(1) older versions of our docs point to plugins.cordova.io for plugin documentation. We haven't pointed people to github for plugin docs. Those docs are accurate with the ID of the plugin. Adding a section to the readme about needing cordova 5+ isn't a bad idea.
The plan is to switch our tools to grab from npm first and CPR second. I believe we discussed doing this around the time CPR goes read only. Giving IDE's and people using older versions a chance to upgrade. We can publish updated plugins to CPR, but it is going to be quite a bit of work. I created old-id branches for our core plugins that revert the commits changing the ID and the commits where I change internal plugin references from org.apache.cordova.* to cordova-plugin-*. It was a fairly large change. The reason for the major jump was the plugin id change. I'd recommend them sticking the versioning they are on instead of copying the version of the npm series. The major version bump wasn't due to a change in functionality in the plugins themselves. If we want to release updated plugins to CPR, someone will need to do the work to cherry-pick the new commits into old-id and do a separate vote for them. (2) It is a fairly recent change. Any new app made with cordova-cli 5+ will auto include the whitelist plugin due to the hello world config.xml including it as a dependency. I think we need to document it more and make more noise within the community about it. iOS 4.0 will also require the whitelist plugin when it gets released. The more prepared we are, the better. As for re-enabling network access by default, I wasn't really part of the original thread so I will leave it to the people who were to discuss that further. On Thu, May 7, 2015 at 8:55 AM, Nikhil Khandelwal <[email protected]> wrote: > There is a bunch of confusion with Cordova 5.0 users because of these two > changes: > > 1. Move to npm for plugins (There have been multiple PRs trying to update > plugin docs to reference the old id instead of the new one - because people > are still using the old version of the CLI) > > 2. No network access in Android 4.0 without whitelist plugin: > > - https://issues.apache.org/jira/browse/CB-8969 > > - > http://stackoverflow.com/questions/29735597/cordova-5-0-0-android-app-can-not-connect-to-internet-using-android-4-0-0 > > - > http://stackoverflow.com/questions/30060534/ajax-requests-fail-after-upgrading-to-cordova-5-0-cordova-android4-0 > > > > I think for the (1), I suggest we do the following: > > 1. Update the plugin documentation that the old id can be used for > older CLI versions. > > 2. Either update the CPM with 1.0 versions of the plugins or have > the CLI get core plugins from npm first then CPR even with the old id. > Using the old id because they were hardcoded in IDEs etc, devs are getting > older version of the plugins. > > > > For (2), I think we should re-visit making whitelist part of the Android > platform again or some other way of enabling network access by default. No > network access (XHR) for a platform by default is a big change that's not > well understood and not necessarily more secure. I'm new to this, but I did > not fully understood the goals of moving the whitelisting to a plugin > instead of it being part of the core. > > > Thanks, > Nikhil >
