breautek commented on issue #564: URL: https://github.com/apache/cordova-plugin-file/issues/564#issuecomment-1498270610
> Now if iOS only supports its own thing, then why even set a scheme?

iOS will treat the scheme, even custom ones, as an origin and will trust the context, whereas loading from the filesystem (as it did in the past) will have the origin set to `null`, as W3C states it should do when the protocol is `file`. Having a real origin will bypass the "requires secure context" check inside the WKWebView. So if you use schemes, browser features that require the secure context flag will be enabled.

On iOS, the schemes are opt-in, because Apple doesn't consider the file-based system as insecure, and switching schemes changes the origin, which web storage containers like cookies and local storage are tied to, so this results in a loss of access to what might previously be stored. For some people, that might be a big deal.

On Android, we default with schemes enabled, but they can be opted out of for the same reason above (origin changes). Google states using the file-based solution is an insecure approach and thus should be disabled. I agree `http` is obsolete, but there was a demand for it for a few different reasons, so the option for `http` was added in a later release. Again, using schemes on Android (and I think this only applies if the scheme is `https`) will make Google treat the webview document as a secure context, enabling browser features that require the secure context flag.

Having the scheme customizable (including allowing `http` for Android) also makes it easier for people wanting to remove the Ionic webview dependency, which did implement schemes for both platforms (for quite a long time before Cordova did), particularly if they wanted to match the scheme they were using before to avoid an origin change.
