Welcome!

Welcome to the Official BlackBerry Support Community Forums. This is your resource to discuss support topics with your peers, and learn from each other. New to the forum? Please visit the ‘Getting Started’ link below.
All New Topics | All New Posts
inside custom component

Web and WebWorks Development

Reply
Topic Options
tbassetto
Contributor
tbassetto
Posts: 16
Registered: ‎07-19-2012
My Carrier: Sosh (Orange subsidiary)
Accepted Solution

Config.xml whitelist doesn't work for some AJAX calls

Options

‎12-18-2012 04:49 AM

Hi,

 

Here is an excerpt of my config.xml file:

<access subdomains="false" uri="http://www.***.tv" />

 

Here is the error I get: http://cl.ly/image/3r420g1Q2b1F

 

You have to trust me that the domains are exactly the same :smileyhappy: (in the AJAX call and config.xml). Indeed, this app works fine on the BB10 browser, but not "encapsulated" with WebWorks.

 

What's strange is that several other AJAX calls to the same domain work as expected. I have no idea where to look :smileysad: What could be wrong?

 

Thanks.

Cross-device app developer.
Report Inappropriate Content
Message 1 of 7 (740 Views)
Reply
0 Likes
Please use plain text.
 
tbassetto
Contributor
tbassetto
Posts: 16
Registered: ‎07-19-2012
My Carrier: Sosh (Orange subsidiary)

Re: Config.xml whitelist doesn't work for some AJAX calls

Options

‎12-18-2012 03:53 PM

I tried to put this in config.xml:

<feature id="blackberry.app">
  <param name="websecurity" value="disabled" />
</feature>

 

Unfortunately I still get the same error! It does not seem logicial, am I missing something?

Cross-device app developer.
Report Inappropriate Content
Message 2 of 7 (724 Views)
Reply
0 Likes
Please use plain text.
 
tbassetto
Contributor
tbassetto
Posts: 16
Registered: ‎07-19-2012
My Carrier: Sosh (Orange subsidiary)

Re: Config.xml whitelist doesn't work for some AJAX calls

[ Edited ]
Options

‎12-19-2012 09:50 AM - edited ‎12-19-2012 09:51 AM

Ok, this time I am sure that I have found a SDK bug, maybe two :Ninja:

 

First, I'm not sure to understand the "websecurity" param. I've tried this variant too:

<access uri="http://www.***.tv">
  <feature id="blackberry.app" required="true">
    <param name="websecurity" value="disabled" />
  </feature>
</access>

 

But no luck, this AJAX call is still denied. Is it possible to whitelist every possible URL even if it's bad practice?

 

Having said that, now I know why this particular call is failing :Clap: Here is what it looks like:

http://www.***.tv/json/users/john@example.net/property/?dummyparam=42&etc

 

Notice the "@". I have checked with a colleague who used to work at the W3C and as far as we can tell, this URL is valid. Granted, the "@" in the URL path is not weird.

 

What I think is happening: the Webworks SDK uses a wrong regular expression which consider everything before the "@" as an authentication information and everything after as the domain name (here example.com). Since I've only whitelisted ***.tv, this request fails. How can I file a Webworks SDK bug?

Cross-device app developer.
Report Inappropriate Content
Message 3 of 7 (709 Views)
Reply
0 Likes
Please use plain text.
 
BlackBerry Development Advisor
BlackBerry Development Advisor
cdelcol
Posts: 37
Registered: ‎01-08-2010
My Carrier: Rogers

Re: Config.xml whitelist doesn't work for some AJAX calls

Options

‎12-19-2012 10:40 AM

I've asked one of the devs to have a look. "@" has caused issues before and I want to make sure it didn't creep back in somehow.

 

Can you please confirm your OS/SDK versions for me?

Report Inappropriate Content
Message 4 of 7 (703 Views)
Reply
0 Likes
Please use plain text.
 
BlackBerry Development Advisor
BlackBerry Development Advisor
jeffheifetz
Posts: 514
Registered: ‎07-18-2011
My Carrier: Rogers

Re: Config.xml whitelist doesn't work for some AJAX calls

[ Edited ]
Options

‎12-19-2012 10:47 AM - edited ‎12-19-2012 10:48 AM

So first off, the reason the request is denied is because of a known issue with uris containing invalid @ signs. Technically the @ sign is only a valid uri character at the front like user@domain.com/blah, and at other points should be % encoded.

 

As per your work around, the correct work around would be to allow access uri="*", which should fix this case.

 

As per disabling web security, it should be done only as a last resort, but your original implementation was correct except for one minor detail, the value should be "disable" and NOT "disabled" so 

<feature id="blackberry.app">
    <param name="websecurity" value="disable" />
</feature>

 

Lastly you can always file a bug on github

 

Hope this clears things up.


1.Please resolve your thread by clicking the "Accept as Solution" button below the post which solved your problem!
2. If any post helps you please click the button below the post(s)
Report Inappropriate Content
Message 5 of 7 (700 Views)
Reply
0 Likes
Please use plain text.
 
tbassetto
Contributor
tbassetto
Posts: 16
Registered: ‎07-19-2012
My Carrier: Sosh (Orange subsidiary)

Re: Config.xml whitelist doesn't work for some AJAX calls

[ Edited ]
Options

‎12-19-2012 10:50 AM - edited ‎12-19-2012 10:52 AM

Edit: posted at the same time as jeffheifetz :smileyhappy:

 

Thanks!

 

  • BlackBerry 10 WebWorks SDK 1.0.4.5 on Mac OS X 10.8.2
  • BlackBerry OS 10.0.9.1675 (from Preferences app) running on BlackBerry 10 Dev Alpha

Also, do you have an answer concerning whitelisting every possible URLs? Of a better explanation of what "websecurity" does?

Cross-device app developer.
Report Inappropriate Content
Message 6 of 7 (697 Views)
Reply
0 Likes
Please use plain text.
 
tbassetto
Contributor
tbassetto
Posts: 16
Registered: ‎07-19-2012
My Carrier: Sosh (Orange subsidiary)

Re: Config.xml whitelist doesn't work for some AJAX calls

Options

‎12-19-2012 10:53 AM

Thanks a lot! If the correct value is "disable", then I guess your have to update the documentation: https://developer.blackberry.com/html5/documentation/param_element.html :smileysurprised:
Cross-device app developer.
Report Inappropriate Content
Message 7 of 7 (693 Views)
Reply
0 Likes
Please use plain text.