Cordova WhiteList


May 21, 2021 Cordova



This plug-in allows us to implement a whitelist policy for application navigation. When we create a new Cordova project, the whitelist plug-in is installed and implemented by default. You can open the config.xml file and see the default allow-intent settings provided by Cordova.

Navigation whitelist

In the following simple example, we allow links to an external URL. This code is located in config.xml. Navigation to file:// URLs is allowed by default.

<allow-navigation href = "http://example.com/*" />

The asterisk * is used as a wildcard to allow navigation to multiple values. In the example above, we allow navigation to all sub-domains of example.com. The same can be applied to the protocol or to a prefix of the host.

<allow-navigation href = "*://*.example.com/*" />

Whitelist of intents

There is also an allow-intent element that specifies which URLs the app is allowed to ask the system to open. You can see in config.xml that Cordova has already allowed most of the required links for us.

Network request whitelist

When you look inside the config.xml file, there is an <access origin> element. This element allows all network requests to our application via the Cordova hooks. If you only want to allow specific requests, you can remove it from config.xml and set it up yourself.

Use the same principle as the previous example.

<access origin = "http://example.com" />

This allows all network requests to the http://example.com server.

Content security policy

You can see the app's current security policy inside the head element in index.html.

<meta http-equiv = "Content-Security-Policy" content = "default-src 
   'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 
   'self' 'unsafe-inline'; media-src *">

This is the default configuration. If you want to allow everything from the same origin and example.com, you can use:

<meta http-equiv = "Content-Security-Policy" content = "default-src 'self' foo.com">

You can also allow everything, but limit CSS and JavaScript to the same origin.

<meta http-equiv = "Content-Security-Policy" content = "default-src *; 
   style-src 'self' 'unsafe-inline'; script-src 'self' 
   'unsafe-inline' 'unsafe-eval'">
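
As an added example (not part of the original tutorial or of Cordova), the script below parses a policy string and flags the sources that weaken script-src and style-src, including values inherited from default-src. Run on the default and "allow everything" policies above, it shows that both still permit 'unsafe-eval' for scripts. The names parseCsp, auditCsp and RISKY are assumptions made for this example.

```javascript
// Added example: audit a CSP string from index.html for permissive sources.
// parseCsp, auditCsp and RISKY are hypothetical names, not Cordova APIs.

// Sources worth flagging in the directives that govern code and styles.
const RISKY = {
  'script-src': ['*', 'data:', "'unsafe-inline'", "'unsafe-eval'"],
  'style-src': ['*', "'unsafe-inline'"],
};

// Split a policy into { directive: [sources] }. Directive names are
// case-insensitive and only the first occurrence of a directive counts.
function parseCsp(policy) {
  const directives = Object.create(null);
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!(name in directives)) directives[name] = tokens.slice(1);
  }
  return directives;
}

// script-src and style-src fall back to default-src when they are absent,
// so a loose default-src silently becomes the script policy.
function auditCsp(policy) {
  const directives = parseCsp(policy);
  const findings = [];
  for (const name of Object.keys(RISKY)) {
    const inherited = !(name in directives);
    const sources = inherited ? directives['default-src'] : directives[name];
    if (sources === undefined) {
      findings.push(`${name} is unrestricted (no ${name} or default-src)`);
      continue;
    }
    const label = inherited ? `${name} (via default-src)` : name;
    for (const src of sources) {
      if (RISKY[name].includes(src.toLowerCase())) findings.push(`${label} allows ${src}`);
    }
  }
  return findings;
}

// The default policy and the "allow everything" policy quoted on this page.
const DEFAULT_POLICY = "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *";
const OPEN_POLICY = "default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'";

console.log(auditCsp(DEFAULT_POLICY));
console.log(auditCsp(OPEN_POLICY));
```

An empty result means neither directive contains a flagged source; it does not mean the allowed hosts themselves are trustworthy.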

Since this is a beginner's tutorial, we recommend using the default Cordova option. Once you are familiar with Cordova, you can try some different values.