Yeah this is a platform restriction exclusively related to the security model related to referencing JavaScript code that is not inside the app package. There are no restrictions on XHR style calls or general content. At the moment you need to include that content in a webview control (custom x-ms-webview element) or iframe. (The equivalent of "sandboxed" content on other platforms.)
Here's the scoop on security current state: http://msdn.microsoft.com/en-us/library/windows/apps/hh849625.aspx Lots of conversations going on about go-forward plan on this topic. A JavaScript Dynamic Content shim polyfill was recently released to help improve compatibility that is blessed by Windows: https://github.com/MsopenTech/winstore-jscompat -Chuck -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Ian Clelland Sent: Tuesday, August 26, 2014 6:05 AM To: [email protected] Subject: Re: Windows build issue due to http whitelisting rules Wow -- it seems very heavy-handed to force that on app developers (how do you build a web browsing app in that case?) Does that apply to all network requests, or just the pages that can be loaded into the main application window? Your solution seems like a good one, though; just filter the unusable rules between the app-level configuration and the platform config, and warn the developer that it's happening. (At least I *think* that's what it's doing ;) ) On Tue, Aug 26, 2014 at 5:19 AM, Sergey Grebnov (Akvelon) < [email protected]> wrote: > Windows 8.1 and Phone 8.1 requires https for access rules[1], http is > not supported anymore. I've sent PR below [2] to prevent build failure > and trace warning message for this case. One of real cases where it is > required is mobile spec app which cannot' be built since it defines > the following rules. > > <access origin="http://audio.ibeat.org"; /> > <access origin="http://cordova-filetransfer.jitsu.com"; /> > <access origin="http://whatheaders.com"; /> > <access origin="http://*.apache.org"; /> > <access origin="https://*.apache.org"; /> > <access origin="http://www.google.com"; /> > <access origin="http://techslides.com"; /> > <access origin="httpssss://example.com" /> > > [1] > http://msdn.microsoft.com/en-us/library/windows/desktop/dn457654(v=vs. > 85).aspx [2] https://github.com/apache/cordova-windows/pull/41 > > Thx! > Sergey >
