[
https://issues.apache.org/jira/browse/CB-6266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13978791#comment-13978791
]
Jesse MacFadyen commented on CB-6266:
-------------------------------------
Unfortunately neither the new pull-request [1] or the original commit of the
feature [2] actual implement the feature.
The whitelist is meant to grant access to a domain, meaning, you cannot load
pages from a domain that is NOT in the whitelist, and hopefully also no
scripts, images, or xhr requests either.
The currently merged solution does nothing more than add a
ApplicationContentUriRule to the package manifest.
As the MS docs state [3], this simply:
"Specifies which pages in the web context have access to the system's
geolocation devices (if the app has permission to access this capability) and
access to the clipboard."
This means :
1. pages from non-whitelisted uris can still load ( in a web-context )
2. no pages loaded in a web-context can access WinJS, or Cordova APIs
This is far from the desired feature of whitelist support, which I fear is
currently not possible in Windows 8x
[1] https://github.com/apache/cordova-windows/pull/27
[2] https://github.com/apache/cordova-windows/pull/23
[3] http://msdn.microsoft.com/en-US/library/windows/apps/br211416.aspx
> Windows8. Add Whitelisting rules support from config file
> ---------------------------------------------------------
>
> Key: CB-6266
> URL: https://issues.apache.org/jira/browse/CB-6266
> Project: Apache Cordova
> Issue Type: Bug
> Components: Windows 8
> Reporter: Sergey Grebnov
> Assignee: Sergey Grebnov
>
> Currently config.xml <access> rules are not applied.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
