Cordova - Whitelist
  • Date: 2024-10-18


This plugin allows us to implement a whitelist policy for the app's navigation. When we create a new Cordova project, the whitelist plugin is installed and implemented by default. You can open the config.xml file to see the default allow-intent settings provided by Cordova.

Navigation Whitelist

In the simple example below, we are allowing links to some external URL. This code is placed in config.xml. Navigation to file:// URLs is allowed by default.

<allow-navigation href = "http://example.com/*" />

The asterisk sign, *, is used to allow navigation to multiple values. In the above example, we are allowing navigation to all sub-domains of example.com. The same can be applied to the protocol or as a prefix to the host.

<allow-navigation href = "*://*.example.com/*" />

Intent Whitelist

There is also the allow-intent element, which is used to specify which URLs the app is allowed to ask the system to open. You can see in config.xml that Cordova has already allowed most of the needed links for us.

Network Request Whitelist

When you look inside the config.xml file, there is an <access origin="*" /> element. This element allows all network requests to our app via Cordova hooks. If you want to allow only specific requests, you can delete it from config.xml and set it yourself.

The same principle is used as in previous examples.

<access origin = "http://example.com" />

This will allow all network requests from http://example.com.

Content Security Policy

You can see the current security policy for your app inside the head element in index.html.

<meta http-equiv = "Content-Security-Policy" content = "default-src 
    'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 
    'self' 'unsafe-inline'; media-src *">

This is the default configuration. If you want to allow everything from the same origin and example.com, then you can use:

<meta http-equiv = "Content-Security-Policy" content = "default-src 'self' example.com">

You can also allow everything, but restrict CSS and JavaScript to the same origin.

<meta http-equiv = "Content-Security-Policy" content = "default-src *; 
   style-src 'self' 'unsafe-inline'; script-src 'self' 
    'unsafe-inline' 'unsafe-eval'">
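
An added example (not part of the original tutorial): a small JavaScript audit that parses a CSP string and reports script and network sources that weaken it, run over the three policies shown above with their source keywords quoted. The function names and finding strings are this example's own, and example.com stands in for the extra host in the second policy.

```javascript
// Added example. Checks are limited to script and network (connect) sources.
const SAMPLES = {  // the page's three policies, keywords quoted
  cordovaDefault: "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; " +
    "style-src 'self' 'unsafe-inline'; media-src *",
  sameOriginPlusHost: "default-src 'self' example.com",
  allowEverything: "default-src *; style-src 'self' 'unsafe-inline'; " +
    "script-src 'self' 'unsafe-inline' 'unsafe-eval'",
};

// Parse a CSP value into { directiveName: [source, ...] }.
function parseCsp(policy) {
  const directives = Object.create(null);
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!(name in directives)) directives[name] = tokens.slice(1);
  }
  return directives;
}

// Fetch directives that are absent fall back to default-src.
function effectiveSources(directives, name) {
  return directives[name] || directives['default-src'] || null;
}

// Return a list of findings; an empty list means none of the checks fired.
function auditCsp(policy) {
  const d = parseCsp(policy);
  const findings = [];
  const script = effectiveSources(d, 'script-src');
  if (script === null) {
    findings.push('scripts are unrestricted');
  } else {
    for (const weak of ["'unsafe-inline'", "'unsafe-eval'", '*']) {
      if (script.includes(weak)) findings.push(`script-src allows ${weak}`);
    }
  }
  const connect = effectiveSources(d, 'connect-src');
  if (connect === null || connect.includes('*')) {
    findings.push('connect-src allows any host');
  }
  return findings;
}

for (const [name, policy] of Object.entries(SAMPLES)) {
  console.log(name, auditCsp(policy));
}
```

The default policy is flagged once because script loading inherits 'unsafe-eval' from default-src, while the "allow everything" policy is flagged three times.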

Since this is a beginners’ tutorial, we are recommending the default Cordova options. Once you get familiar with Cordova, you can try some different values.
