whitelist-misc.md

Whitelist misc

Date: 2015-11-02

This page include misc that are (at least) related to Phonegap Whitelist

If however, your version is before 4.0.0, let use say 3.5.0 or 3.7.0, then you will not have to add the white-list requirement.

To be clear, the "whitelist" has been around for a bit, but the plugin and requirement is very new. As you would expect, when the "whitelist" was added, the defacto open-access feature was deprecated. Or said another way, the defacto open-access feature was planned and scheduled to be eliminated. This change marks a step in removal of the open-access feature.

In addition, the Content Security Policy (CSP) has caught numerous developers - because it was soooo poorly publicized. Depending on your use and the version of Phonegap you are using, the CSP needs to go in every single HTML page you used, just like you have to wait for 'deviceready'. However, there are cases where it is not needed at all. The documentation is confusing for some, please read it carefully. The documentation is buried in the bottom of many of the latest documentation pages.

Lastly, Raymond Camden in his blog points to a LARGE change in policy starting with Cordova 5

Windows 8.1 allows only https URIs, not http URIs
https://msdn.microsoft.com/en-us/library/windows/desktop/dn457654%28v=vs.85%29.aspx

While apps built for Windows 8 can include http and https URIs in their application content URIs, apps built for Windows 8.1 may include only https URIs.

ApplicationContentUriRules
https://msdn.microsoft.com/en-us/library/windows/apps/br211416.aspx

Specifies which pages in the web context have access to the system's geolocation devices (if the app has permission to access this capability) and access to the clipboard.

STUFF REMOVED FROM new-to-Phonegap.md

Cordova Blog: Plugins Release and Moving plugins to npm: April 21, 2015 and New Whitelist Plugins; scroll down to the title.

Cordova Blog: Apache Cordova Android 4.0.0 - This blog post outline the behaviour of the white-list for Android, including CLI.

Phonegap Build Forum: Notes for upgrading to cli-5.1.1 on PGB and now required Whitelist

• Cordova Whitelist Guide or npm version
• Phonegap Whitelist Guide
• Phonegap Build Whitelist Guide
• cordova-plugin-whitelist
• NOTES on CSP from Mozilla

Apple has a similar system that is in place. You can read some of the details in this link.
See: Configuring App Transport Security Exceptions in iOS 9 and OSX 10.11
Also: Working with Apple's App Transport Security

• Apple's official documentation for App Transport Security

• Networking with NSURLSession - WWDC 2015 - Videos - Apple Developer - 40 minutes

• WWDC 2015 session 703, ?Privacy and Your App?, 30:18

• How to Disable App Transport Security ? Five Minute WatchKit ? Medium - Oct 13, 2015

• cordova-plugin-whitelist bugs