Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Web and WebWorks Development

Reply
Contributor
tbassetto
Posts: 16
Registered: ‎07-19-2012
My Device: BB10 dev alpha
Accepted Solution

Config.xml whitelist doesn't work for some AJAX calls

Hi,

 

Here is an excerpt of my config.xml file:

<access subdomains="false" uri="http://www.***.tv" />

 

Here is the error I get: http://cl.ly/image/3r420g1Q2b1F

 

You have to trust me that the domains are exactly the same :smileyhappy: (in the AJAX call and config.xml). Indeed, this app works fine on the BB10 browser, but not "encapsulated" with WebWorks.

 

What's strange is that several other AJAX calls to the same domain work as expected. I have no idea where to look :smileysad: What could be wrong?

 

Thanks.

Cross-device app developer.
Contributor
tbassetto
Posts: 16
Registered: ‎07-19-2012
My Device: BB10 dev alpha

Re: Config.xml whitelist doesn't work for some AJAX calls

I tried to put this in config.xml:

<feature id="blackberry.app">
  <param name="websecurity" value="disabled" />
</feature>

 

Unfortunately I still get the same error! It does not seem logicial, am I missing something?

Cross-device app developer.
Contributor
tbassetto
Posts: 16
Registered: ‎07-19-2012
My Device: BB10 dev alpha

Re: Config.xml whitelist doesn't work for some AJAX calls

[ Edited ]

Ok, this time I am sure that I have found a SDK bug, maybe two :Ninja:

 

First, I'm not sure to understand the "websecurity" param. I've tried this variant too:

<access uri="http://www.***.tv">
  <feature id="blackberry.app" required="true">
    <param name="websecurity" value="disabled" />
  </feature>
</access>

 

But no luck, this AJAX call is still denied. Is it possible to whitelist every possible URL even if it's bad practice?

 

Having said that, now I know why this particular call is failing :Clap: Here is what it looks like:

http://www.***.tv/json/users/john@example.net/property/?dummyparam=42&etc

 

Notice the "@". I have checked with a colleague who used to work at the W3C and as far as we can tell, this URL is valid. Granted, the "@" in the URL path is not weird.

 

What I think is happening: the Webworks SDK uses a wrong regular expression which consider everything before the "@" as an authentication information and everything after as the domain name (here example.com). Since I've only whitelisted ***.tv, this request fails. How can I file a Webworks SDK bug?

Cross-device app developer.
BlackBerry Development Advisor
cdelcol
Posts: 37
Registered: ‎01-08-2010
My Device: Various

Re: Config.xml whitelist doesn't work for some AJAX calls

I've asked one of the devs to have a look. "@" has caused issues before and I want to make sure it didn't creep back in somehow.

 

Can you please confirm your OS/SDK versions for me?

Retired
jeffheifetz
Posts: 518
Registered: ‎07-18-2011
My Device: Bold

Re: Config.xml whitelist doesn't work for some AJAX calls

[ Edited ]

So first off, the reason the request is denied is because of a known issue with uris containing invalid @ signs. Technically the @ sign is only a valid uri character at the front like user@domain.com/blah, and at other points should be % encoded.

 

As per your work around, the correct work around would be to allow access uri="*", which should fix this case.

 

As per disabling web security, it should be done only as a last resort, but your original implementation was correct except for one minor detail, the value should be "disable" and NOT "disabled" so 

<feature id="blackberry.app">
    <param name="websecurity" value="disable" />
</feature>

 

Lastly you can always file a bug on github

 

Hope this clears things up.



1.Please resolve your thread by clicking the "Accept as Solution" button below the post which solved your problem!
2. If any post helps you please click the button below the post(s)
Contributor
tbassetto
Posts: 16
Registered: ‎07-19-2012
My Device: BB10 dev alpha

Re: Config.xml whitelist doesn't work for some AJAX calls

[ Edited ]

Edit: posted at the same time as jeffheifetz :smileyhappy:

 

Thanks!

 

  • BlackBerry 10 WebWorks SDK 1.0.4.5 on Mac OS X 10.8.2
  • BlackBerry OS 10.0.9.1675 (from Preferences app) running on BlackBerry 10 Dev Alpha

Also, do you have an answer concerning whitelisting every possible URLs? Of a better explanation of what "websecurity" does?

Cross-device app developer.
Contributor
tbassetto
Posts: 16
Registered: ‎07-19-2012
My Device: BB10 dev alpha

Re: Config.xml whitelist doesn't work for some AJAX calls

Thanks a lot! If the correct value is "disable", then I guess your have to update the documentation: https://developer.blackberry.com/html5/documentation/param_element.html :smileysurprised:
Cross-device app developer.