Any objections or further feedback? If not, I will move on to what we seem to have consensus about:
If there are no <access> entries, then network requests are wide open (wildcard * default) and security is handled via CSP. We would recommend that no <access> entries be used; users should use CSP.

On Tue, Aug 11, 2015 at 7:01 PM, Shazron <shaz...@gmail.com> wrote:

>> So, is the whitelist plugin network request list "*" with no <access>
>> entries, or
>> "*" because of the <access> entry added to the default project?
>
> "*" would be the default. So if there are no <access> entries, it would be
> added. If the default project had the <access> wildcard, then no change
> (since that is the default anyway).
>
> The old way you would need an explicit <access> entry wildcard for
> unrestricted native and web code access -- the new way is unrestricted
> native code access (unless set explicitly), and CSP for web code access.
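
An added example (not part of the original message or the project's own code): a Python check of a project under the behavior described above, where a config.xml with no <access> entries gets the "*" default and restriction of web code is left to CSP. The sample config.xml and HTML strings, the function names and the finding texts are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

# Constructed sample inputs (not from the thread).
CONFIG_NO_ACCESS = '<widget xmlns="http://www.w3.org/ns/widgets" id="com.example.app"/>'
CONFIG_ONE_ORIGIN = ('<widget xmlns="http://www.w3.org/ns/widgets">'
                     '<access origin="https://api.example.com"/></widget>')
HTML_NO_CSP = "<html><head><title>app</title></head></html>"
HTML_WITH_CSP = ('<html><head><meta http-equiv="Content-Security-Policy" '
                 'content="default-src \'self\'; connect-src https://api.example.com">'
                 '</head></html>')


def effective_access(config_xml):
    """Network request list under the default described in the thread."""
    root = ET.fromstring(config_xml)
    origins = [el.get("origin") for el in root.iter()
               if el.tag.rsplit("}", 1)[-1] == "access" and el.get("origin")]
    return origins or ["*"]  # no <access> entries -> wildcard default


class CSPFinder(HTMLParser):
    """Collects the content of every CSP <meta> tag in the page."""
    def __init__(self):
        super().__init__()
        self.policies = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "content-security-policy":
            self.policies.append(a.get("content") or "")


def audit(config_xml, index_html):
    """Return findings for a project that relies on CSP instead of <access>."""
    finder = CSPFinder()
    finder.feed(index_html)
    findings = []
    if "*" in effective_access(config_xml) and not finder.policies:
        findings.append("wildcard network access and no CSP in the page")
    for policy in finder.policies:
        parts = [d.split() for d in policy.split(";") if d.strip()]
        directives = {p[0].lower(): p[1:] for p in parts}
        # connect-src falls back to default-src when it is not set.
        sources = directives.get("connect-src", directives.get("default-src"))
        if sources is None or "*" in sources:
            findings.append("CSP does not restrict connect-src")
    return findings
```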