
Welcome to the official BlackBerry Support Community Forums.

New Contributor
trpn
Posts: 4
Registered: ‎12-30-2012
My Device: Playbook
My Carrier: None

Playbook vs bb10 to access external resources

Hi (and happy new year),

I am a bit confused in regards to the access permissions for playbook vs bb10 webworks applications.

As per the document at this link (securing webworks applications) https://developer.blackberry.com/html5/documentation/securing_your_ww_app_1866986_11.html  - if the app needs to access data on external websites, the uri needs to be included in config.xml -
<access uri="https://somedomain.com" subdomains="true" />

"By default, BlackBerry WebWorks applications cannot access data from external resources. For example, a BlackBerry WebWorks application cannot retrieve an HTML web page or make an AJAX request to a web service, unless you configure the application to allow access."

I created a test app for my playbook using webworks. The application loads jquery from a google hosted webserver and makes an ajax request to twitter.com.

I have tested it in ripple, the playbook simulator and on a playbook. Everything works - jquery loads, ajax call is made successfully, however I did not include anything in my config.xml to allow this.

When I load the application in the vmware bb10 dev simulator I get access is not allowed errors (as expected) when trying to load jquery from the google domain (and also on the ajax call when I put jquery.js as a local file).

Are there any differences for access permissions on playbook and bb10 devices when loading externally? It seems that on the playbook, this is wide open whereas bb10 works as it should.

config.xml has no access permissions defined yet on the playbook I can get data from both google and twitter where I don't believe I should be able to:

<?xml version="1.0" encoding="utf-8"?>
<widget xmlns="http://www.w3.org/ns/widgets"
        xmlns:rim="http://www.blackberry.com/ns/widgets"
        version="2.0.0.0">

  <author href="http://www.example.com/"
          rim:copyright="Copyright 1998-2012 My Corp">My Corp</author>

  <name>Sample application</name>

  <description>
    A sample application to demonstrate some features.
  </description>

  <rim:orientation mode="auto"/>

  <rim:loadingScreen>
    <rim:transitionEffect type="zoomIn"/>
  </rim:loadingScreen>
         
  <rim:category name="games"/>   
  <!--<icon src="icons/example.png"/>-->

  <content src="index.html"/>
</widget>

Trusted Contributor
sh2sg
Posts: 177
Registered: ‎03-10-2011
My Device: Not Specified

Re: Playbook vs bb10 to access external resources

In BB10 you need to whitelist external domains in config.xml

 

<access uri="http://google.com" subdomains="true" />
<access uri="http://youtube.com" subdomains="true" />
<access uri="http://yimg.com" subdomains="true" />

<access uri="http://twitter.com" subdomains="true" />

New Contributor
trpn
Posts: 4
Registered: ‎12-30-2012
My Device: Playbook
My Carrier: None

Re: Playbook vs bb10 to access external resources

Yes but my question is more towards webworks and external resources on the playbook.

 

As you state and as the documentation I linked to states, config.xml must whitelist the domain, which is understandable. However, I did not experience this behaviour on the playbook and I am wondering if this is normal.

 

https://developer.blackberry.com/html5/documentation/securing_your_ww_app_1866986_11.html

 

This page does not make it clear to me that whitelisting is bb10 specific, but rather ALL webworks applications and in my test app I believe access to external resources on the playbook is wide open.

Trusted Contributor
sh2sg
Posts: 177
Registered: ‎03-10-2011
My Device: Not Specified

Re: Playbook vs bb10 to access external resources

In Playbook config.xml, I use <access uri="*" /> to whitelist everything, but guess BB10 does not allow this, or I missed something...

 

 

New Contributor
trpn
Posts: 4
Registered: ‎12-30-2012
My Device: Playbook
My Carrier: None

Re: Playbook vs bb10 to access external resources

My issue is that I am finding the playbook will allow all data from external resources without any type of access tag in config.xml.

 

Playbook with no access tag:

json from twitter allowed

javascript from google allowed

This does not seem correct.

 

bb10 with no access tag:

json from twitter NOT allowed

javascript from google NOT allowed

this is correct.

 

Why is it different?

Trusted Contributor
sh2sg
Posts: 177
Registered: ‎03-10-2011
My Device: Not Specified

Re: Playbook vs bb10 to access external resources

You can try to deploy Playbook SDK compiled bar file on BB10, then you don't need to worry about the whitelist things.

New Contributor
trpn
Posts: 4
Registered: ‎12-30-2012
My Device: Playbook
My Carrier: None

Re: Playbook vs bb10 to access external resources

sh2sg, thanks for trying but really I am not looking at ways to deploy on bb10 or how to allow data from particular domains via config.xml. I am fully aware of how config.xml will work in that regard on bb10. Please read the question. I am concerned/confused by the documentation provided by RIM.

My concern is around the documentation on --- https://developer.blackberry.com/html5/documentation/securing_your_ww_app_1866986_11.html --- in regards to the playbook.

I will quote again from this page:

"By default, BlackBerry WebWorks applications cannot access data from external resources. For example, a BlackBerry WebWorks application cannot retrieve an HTML web page or make an AJAX request to a web service, unless you configure the application to allow access."

This does not seem to be true for my application when compiled and run on the playbook. Whereas it is on bb10.

Does anyone know if this is a bug, an error in the documentation or some sort of setting not mentioned?
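
An added example, not part of any post in this thread and not BlackBerry's code: a small Python audit of the three config.xml states discussed above (no access element at all, the uri="*" wildcard, and a per-domain whitelist). The element and attribute names are the ones shown in the thread; the sample() helper, the sample documents and the wording of the findings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Default namespace of the <widget> root shown in the thread's config.xml
W3C = "{http://www.w3.org/ns/widgets}"


def audit_access(config_xml: str) -> list[str]:
    """Return findings about the <access> whitelist of a WebWorks config.xml."""
    root = ET.fromstring(config_xml.strip())
    entries = root.findall(f"{W3C}access")
    if not entries:
        # The thread reports PlayBook loading external content in this state
        # while BB10 blocked it, so the outcome is platform-dependent.
        return ["no <access> elements: external access depends on the platform default"]
    findings = []
    for el in entries:
        uri = el.get("uri", "")
        subdomains = el.get("subdomains", "false").lower() == "true"
        if uri == "*":
            findings.append('wildcard uri="*": every origin is whitelisted')
            continue
        if uri.startswith("http://"):
            findings.append(f"{uri}: cleartext http origin, content can be altered in transit")
        if subdomains:
            findings.append(f'{uri}: subdomains="true" trusts every host under this domain')
    return findings


def sample(body: str) -> str:
    """Constructed config.xml skeleton (hypothetical helper) around the given elements."""
    return ('<widget xmlns="http://www.w3.org/ns/widgets" '
            'xmlns:rim="http://www.blackberry.com/ns/widgets" version="2.0.0.0">'
            f'<content src="index.html"/>{body}</widget>')


# Constructed inputs mirroring the three situations in the thread
NO_ACCESS = sample("")
WILDCARD = sample('<access uri="*" />')
LISTED = sample('<access uri="http://twitter.com" subdomains="true" />'
                '<access uri="https://somedomain.com" />')

if __name__ == "__main__":
    for name, doc in (("no access", NO_ACCESS), ("wildcard", WILDCARD), ("listed", LISTED)):
        print(name, "->", audit_access(doc) or ["no findings"])
```

Running such a check on every build target makes the whitelist explicit, so the app does not depend on whichever default a given platform applies.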