[jira] [Commented] (CB-9009) default CSP needs to include 8472 for blackberry

Fri, 07 Aug 2015 14:04:21 -0700 

    [ 
https://issues.apache.org/jira/browse/CB-9009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14662453#comment-14662453
 ] 

ASF GitHub Bot commented on CB-9009:
------------------------------------

Github user csantanapr commented on the pull request:

    
https://github.com/apache/cordova-app-hello-world/pull/10#issuecomment-128833712
  
    -1
    hum this looks very ugly in the template. I don't like to have this in the 
default template. people might think that is a security whole.
    In another platform like android, not picking android then that port will 
be expose, it will not get intercepted because is not blackberry
    
    some options:
    1. bb plugin to implement plugin hook, this is a new type of hook that 
plugins can implement 
    If this is only required for BlackBerry, then the plugin for blackberry can 
implement a plugin hook to edit the index.html during after_prepare. it can 
parse the index.html look for the tag and if http://locahost:8472 doesn't exist 
then added.
    
    2. the cordova.js for blackberry dynamically edits the csp tag in the dom
    when cordova.js runs before setting up the plugin update the csp meta, I 
don't know if this is too late to change since index.html is already parsed, if 
this is not an option then take a look at option 1 above


> default CSP needs to include 8472 for blackberry
> ------------------------------------------------
>
>                 Key: CB-9009
>                 URL: https://issues.apache.org/jira/browse/CB-9009
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: App Hello World, Plugin Whitelist
>    Affects Versions: 5.0.0
>            Reporter: Josh Soref
>            Assignee: Josh Soref
>            Priority: Blocker
>
> These files:
> {code}
> ./cordova-js-src/exec.js
> ./framework/bootstrap/require.js
> ./framework/lib/utils.js
> ./javascript/cordova.blackberry10.js
> {code}
> all hard code 8472 as a magical port for cordova-blackberry apps 
> (specifically it's used for the exec bridge).
> The current hello-world CSP prevents cordova-blackberry from working out of 
> the box.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to