The default security policy is restrictive for a common case #29

vjrantal · 2015-07-16T09:22:10Z

Steps to reproduce:

$ manifoldjs http://www.microsoft.com -p ios
$ cd WwwMicrosoftCom/cordova/
$ cordova run ios

The end result looks something like below:

This happens, because the cross-origin resource access to download CSS files (and other resources) is blocked, which is caused by ManifoldCordova removing the "full access" rules that are created by cordova create by default (see https://github.com/manifoldjs/ManifoldCordova/blob/8e5b457c1e16cfc9c56308c5d1f26e340f48ae62/scripts/updateConfigurationBeforePrepare.js#L139).

The best default security policy would be such that it is as close as possible to the security policy enforced in modern Web browsers and honors related standards like CORS and CSP.

The text was updated successfully, but these errors were encountered:

ghost added this to the release-0.2.0 milestone Nov 20, 2015

ghost mentioned this issue Nov 20, 2015

Review default network access policy #50

Merged

ghost closed this as completed Nov 26, 2015

This issue was closed.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

The default security policy is restrictive for a common case #29

The default security policy is restrictive for a common case #29

vjrantal commented Jul 16, 2015

The default security policy is restrictive for a common case #29

The default security policy is restrictive for a common case #29

Comments

vjrantal commented Jul 16, 2015