May 21, 2021 Cordova
This plug-in allows us to implement a whitelist policy for application navigation. When we create a new Cordova project, the whitelist plug-in is installed and implemented by default. You can open the config.xml file and see the default allow-intent settings provided by Cordova.
In the following simple example, we allow links to some external URLs. This code is located in config.xml. Navigation to file:// URLs is allowed by default.
<allow-navigation href = "http://example.com/*" />
The asterisk (*) is a wildcard used to allow navigation to multiple values. In the example above, we allow navigation to all sub-domains of example.com. The same can be applied to the protocol or as a prefix to the host.
<allow-navigation href = "*://*.example.com/*" />
There is also an allow-intent element, which specifies the URLs that the app is allowed to ask the system to open. You can see in config.xml that Cordova has already allowed most of the required links for us.
When you look inside the config.xml file, there is an <access origin = "*" /> element. This element allows all network requests to our application via Cordova hooks. If you only want to allow specific requests, you can remove it from config.xml and set it up yourself.
Use the same principle as the previous example.
<access origin = "http://example.com" />
This allows all network requests to the server at http://example.com.
You can see the app's current security policy in the head element of index.html.
<meta http-equiv = "Content-Security-Policy" content = "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *">
This is the default configuration. If you want to allow everything from the same origin and example.com, you can use:
<meta http-equiv = "Content-Security-Policy" content = "default-src 'self' example.com">
You can also allow everything, but limit CSS and JavaScript to the same origin.
<meta http-equiv = "Content-Security-Policy" content = "default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
Since this is a beginner's tutorial, we recommend using the default Cordova option. Once you are familiar with Cordova, you can try some different values.
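What each Content-Security-Policy above actually permits depends on the default-src fallback, which is easy to misread. The following added example (not part of the original tutorial or of Cordova; the function and variable names are illustrative) parses the three policies discussed above and lists the permissive sources that end up governing scripts, styles and network connections.

```javascript
// Added example: names below are illustrative, not Cordova or browser APIs.
// Parse a CSP string into { directive: [sources] }.
function parseCsp(policy) {
  const directives = Object.create(null);
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first one wins.
    if (!(name in directives)) directives[name] = tokens.slice(1);
  }
  return directives;
}

// Sources worth flagging, per directive.
const RISKY = {
  'script-src': ['*', "'unsafe-inline'", "'unsafe-eval'", 'data:'],
  'style-src': ['*', "'unsafe-inline'"],
  'connect-src': ['*'],
};

function auditCsp(policy) {
  const directives = parseCsp(policy);
  const findings = [];
  for (const [name, risky] of Object.entries(RISKY)) {
    // Fetch directives fall back to default-src when they are absent.
    const own = name in directives;
    const sources = own ? directives[name] : directives['default-src'];
    if (!sources) {
      findings.push(`${name}: unrestricted (no ${name} or default-src)`);
      continue;
    }
    const note = own ? '' : ' (inherited from default-src)';
    for (const s of sources) {
      if (risky.includes(s.toLowerCase())) findings.push(`${name}: ${s}${note}`);
    }
  }
  return findings;
}

// Copies of the three policies discussed on this page.
const POLICIES = {
  cordovaDefault: "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *",
  selfPlusHost: "default-src 'self' example.com",
  allowAll: "default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'",
};
for (const [label, policy] of Object.entries(POLICIES)) {
  console.log(label, auditCsp(policy));
}
```

In the default policy, 'unsafe-eval' and data: apply to scripts only because no script-src is declared, so adding an explicit script-src directive is the way to tighten it.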