Enable whitelisting support for embedded content #118
Comments
|
Is local vs. Remote the right question? Or is it more about differing domains of content? ----- Original Message ----- All api's are available to embedded content, regardless of config.xml App is a local index.html with app api's whitelisted, embedded iframe The embedded content has access to any api the app has. Expected: Reply to this email directly or view it on GitHub: This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful. |
|
different domains is a better question. Here is the problem, there is no way to find out from that if a NetworkResourceRequest came from an iFrame or original page. So I will be opening a PR. |
|
Fixed? cc @jeffheifetz |
|
Not yet |
Changes a webview's requests to use the referrer from the NetworkResourceRequestedEvent instead of originalLocation. Reviewed By: Jeffrey Heifetz <[email protected]> Tested By: Igor Shneur <[email protected]>
All api's are available to embedded content, regardless of config.xml
App is a local index.html with app api's whitelisted, embedded iframe
with no api's allowed (think of an rss reader app)
The embedded content has access to any api the app has.
Expected:
@kwallis - fill in the details on what you want the behavior to be for remote url vs. local url
The text was updated successfully, but these errors were encountered: