If you are using Internet Explorer, please remove blackberry.com from your compatibility view settings.

Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Web and WebWorks Development

Reply
New Developer
UserNeo
Posts: 74
Registered: ‎10-23-2008
My Device: 9000

Permission issues with HTTPS connections

Hi,

 

i develop a little WebWorks app for BB10 with connections over HTTPS. 

My config.xml looks like this:

 

<widget xmlns="http://www.w3.org/ns/widgets"
        xmlns:rim="http://www.blackberry.com/ns/widgets"
        version="1.0.0"
        id="UploadTest">
    <name>UploadTest</name>
    <content src="index.html"/>
    <author>UploadTest</author>
	
	<access uri="*" />
	<feature id="blackberry.io.filetransfer">
        <param name="websecurity" value="disable" />
    </feature>	
	<feature id="blackberry.io">
        <param name="websecurity" value="disable" />
    </feature>
</widget>

 I try now a jquery ajax query on https://myurl.com appear in my simulator (Dev Alpha BB10_0_10.261) and Dev Alpha device following message

Access to "https://myurl.com/api.php?Email=mail@mail.mail&Password=pwd"" not allowed

 What am i doing wrong?

 

cu

UserNeo

Please use plain text.
BlackBerry Development Advisor (Retired)
erikjohnzon
Posts: 245
Registered: ‎09-21-2012
My Device: Q10
My Carrier: Virgin

Re: Permission issues with HTTPS connections

The whitelisting rules can be strange. Have you tried adding an access tag for the specific url. I can see that you have turned off websecurity. But give it a shot anyways.

 

<access uri="myurls.com" subdomains="true" />

 

@erikjohnzon
erjohnson@blackberry.com
Please use plain text.
Developer
peardox
Posts: 1,229
Registered: ‎03-20-2011
My Device: Playbook, Z10 LE, Dev Alpha B, 2x Dev Alpha C
My Carrier: 3, Orange, Vodafone

Re: Permission issues with HTTPS connections

It's called whilelisting

 

What this means is exactly as it sounds

 

You whitelist a single domain

 

e.g.

 

<access domain="www.nobody.com">

</access>

 

INSIDE the access stuff you tell it what it can do

 

The disable web secirity is an override that allows you to ignore such settings but unless you have a VERY good reason to do so is a REALLY bad idea as it appears to the user that they might get a virus or summat

 

 




Click the like button if you find my posts useful!
Please use plain text.