+1 from me.
> On 26 Aug 2015, at 23:13, Shazron <[email protected]> wrote: > > Any objections or further feedback? If not I will move on to what we seem > to have consensus about: > > If there are no <access> entries, then network requests are wide open > (wildcard * default) and security is handled via CSP. > We would recommend no <access> entries to be used, users should use CSP. > >> On Tue, Aug 11, 2015 at 7:01 PM, Shazron <[email protected]> wrote: >> >> >> So, is the whitelist plugin network request list "*" with no <access> >>> entries, or >>> "*" because of the <access> entry added to the default project? >> >> >> "*" would be the default. So if there are no <access> entries, it would be >> added. If the default project had the <access> wildcard, then no change >> (since that is the default anyway). >> >> The old way you would need an explicit <access> entry wildcard for >> unrestricted native and web code access -- the new way is unrestricted >> native code access (unless set explicitly), and CSP for web code access. >> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
