FYI, we get to revisit this whitelist stuff again for iOS 9 with it's Application Transport Security (ATS): https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/index.html#//apple_ref/doc/uid/TP40016240
Should be relatively simple --> convert access tags to the appropriate Info.plist tags and not filter the request in CDVURLProtocol (which doesn't work for WKWebView anyway). On Wed, Jul 8, 2015 at 1:43 AM, Shazron <[email protected]> wrote: > Related: https://issues.apache.org/jira/browse/CB-9329 > > From the README: https://github.com/apache/cordova-plugin-whitelist > > The Android whitelist supports <allow-navigation>, <allow-intent> and > <access>. > The iOS whitelist supports <allow-navigation> only currently. > > The docs mention <access> SHOULD be supported, but CSP is the way to go. > > Therefore <access> needs to be supported on iOS for native code requests > (see failing FileTransfer tests CB-9329) since CSP is only in the context > of the UIWebView. This is duplication of definitions unless we read the > meta tag from native and dynamically create the allowRequests whitelist > plugin. > > <allow-intent> I think is the domain of the InAppBrowser plugin only > (window.open). > > Am I missing anything? > > >
