[ 
https://issues.apache.org/jira/browse/CB-7747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14181667#comment-14181667
 ] 

Ian Clelland commented on CB-7747:
----------------------------------

I've implemented this for Android, and have started working on iOS.

In order, the rough steps are:

1. Add hooks for plugins to override network events. For Android, those events 
are:
  * boolean shouldAllowRequest(url)
  * boolean shouldAllowNavigation(url)
  * boolean shouldOpenExternalUrl(url)

2. Add methods to the framework to query all installed plugins for each of 
these events (using #1). These methods should be able to detect when *zero* 
plugins actually implement the hooks, so that some default policy can be used.
3. Defer whitelist-related decisions in the framework to plugins, using #2.
4. Ensure that plugins can read config.xml and do their own parsing of it on 
startup
5. Pull whitelist parsing out of application startup
6. Write a plugin that implements the current Cordova policy, using #1 and #4. 
(i.e., reads config.xml for <access> tags, and makes the same decisions that 
Cordova currently does). This is currently 
https://github.com/clelland/cordova-plugin-whitelist
7. Clean up any extra whitelist objects left in the core framework.

I'm deliberately leaving in the Whitelist.java and CDVWhitelist.* files, so 
that plugins can use them as a kind of "common language" for match patterns. 
They don't have to, though -- they're not used by the rest of the framework at 
all, and Cordova core shouldn't rely on them as an interface.

> Extract whitelist functionality into a plugin
> ---------------------------------------------
>
>                 Key: CB-7747
>                 URL: https://issues.apache.org/jira/browse/CB-7747
>             Project: Apache Cordova
>          Issue Type: Improvement
>    Affects Versions: 4.0.0
>            Reporter: Ian Clelland
>            Assignee: Ian Clelland
>
> Mailing list thread: http://markmail.org/message/6jqt5f3t4iio52td
> Also @apache: 
> https://mail-archives.apache.org/mod_mbox/cordova-dev/201407.mbox/%3CCADVgkyNN3EKT4xiRXJFbwMGFhsrVF3kHQRzd3exvb5nW7_GdfA%40mail.gmail.com%3E
> Ideally the network policy is completely removed from Cordova core, and 
> replaced with a small set of plugin hooks so that different kinds of policies 
> can be implemented in different plugins. The current whitelist implementation 
> can be an example plugin provided for backwards-compatibility.
> It should also be possible, once this is removed, to control the webview's 
> network policy with CSP, in most platforms.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
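
A sketch of steps 1 and 2 from the comment above, added here as an illustration; it is not code from Cordova or from cordova-plugin-whitelist. The `Verdict` enum, the class names and the deny-wins combination rule are assumptions: the comment lists the hooks as returning `boolean` and does not say how answers from several plugins are combined.

```java
import java.net.URI;
import java.util.*;

public class HookDemo {
    // Tri-state result lets the framework tell "no plugin has an opinion" from "denied".
    enum Verdict { ALLOW, DENY, NO_OPINION }

    // Step 1: overridable hook; a plugin that does not override it has no opinion.
    static class Plugin {
        Verdict shouldAllowRequest(String url) { return Verdict.NO_OPINION; }
    }

    // Stand-in for the step 6 policy plugin: allows https requests to listed hosts only.
    static class HostWhitelistPlugin extends Plugin {
        private final Set<String> hosts;
        HostWhitelistPlugin(String... hosts) { this.hosts = new HashSet<>(Arrays.asList(hosts)); }
        @Override Verdict shouldAllowRequest(String url) {
            try {
                URI u = URI.create(url);
                // Compare the parsed host exactly; a string-prefix test would accept look-alikes.
                boolean ok = "https".equalsIgnoreCase(u.getScheme()) && u.getHost() != null
                        && hosts.contains(u.getHost().toLowerCase(Locale.ROOT));
                return ok ? Verdict.ALLOW : Verdict.DENY;
            } catch (IllegalArgumentException e) {
                return Verdict.DENY; // unparseable URL: refuse
            }
        }
    }

    // Step 2: query every plugin. Assumed combination rule: any DENY wins, then any
    // ALLOW; if no plugin answered, fall back to the caller's default policy.
    static boolean shouldAllowRequest(List<Plugin> plugins, String url, boolean defaultPolicy) {
        boolean allowed = false;
        for (Plugin p : plugins) {
            Verdict v = p.shouldAllowRequest(url);
            if (v == Verdict.DENY) return false;
            if (v == Verdict.ALLOW) allowed = true;
        }
        return allowed || defaultPolicy;
    }

    public static void main(String[] args) {
        List<Plugin> none = Collections.singletonList(new Plugin()); // no hook implemented
        List<Plugin> policy = Arrays.asList(new Plugin(), new HostWhitelistPlugin("api.example.com"));
        String good = "https://api.example.com/v1/items";       // constructed sample URLs
        String lookalike = "https://api.example.com.other.test/";
        System.out.println(shouldAllowRequest(none, good, false));       // default policy decides
        System.out.println(shouldAllowRequest(policy, good, false));     // whitelist plugin decides
        System.out.println(shouldAllowRequest(policy, lookalike, true)); // DENY overrides default
    }
}
```

Passing `false` as the default keeps the framework fail-closed when no policy plugin is installed.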
