01-01-2013 04:18 AM
Hi (and happy new year),
I am a bit confused in regards to the access permissions for playbook vs bb10 webworks applications.
As per the document at this link (securing webworks applications) https://developer.blackberry.com/html5/documentati
<access uri="https://somedomain.com" subdomains="true">
"By default, BlackBerry WebWorks applications cannot access data from external resources. For example, a BlackBerry WebWorks application cannot retrieve an HTML web page or make an AJAX request to a web service, unless you configure the application to allow access."
I created a test app for my playbook using webworks. The application loads jquery from a google hosted webserver and makes an ajax request to twitter.com.
I have tested it in ripple, the playbook simulator and on a playbook. Everything works - jquery loads, ajax call is made successfully, however I did not include anything in my config.xml to allow this.
When I load the application in the vmware bb10 dev simulator I get access is not allowed errors (as expected) when trying to load jquery from the google domain (and also on the ajax call when I put jquery.js as a local file).
Are there any differences for access permissions on playbook and bb10 devices when loading externally? It seems that on the playbook, this is wide open whereas bb10 works as it should.
config.xml has no access permissions defined yet on the playbook I can get data from both google and twitter where I don't believe I should be able to:
<?xml version="1.0" encoding="utf-8"?>
rim:copyright="Copyright 1998-2012 My Corp">My Corp</author>
A sample application to demonstrate some features.
01-01-2013 12:50 PM
01-01-2013 03:47 PM
Yes but my question is more towards webworks and external resources on the playbook.
As you state and as the documentation I linked to states, config.xml must whitelist the domain, which is understandable. However, I did not experience this behaviour on the playbook and I am wondering if this is normal.
This page does not make it clear to me that whitelisting is bb10 specific, but rather ALL webworks applications and in my test app I believe access to external resources on the playbook is wide open.
01-01-2013 09:26 PM
My issue is that I am finding the playbook will allow all data from external resources without any type of access tag in config.xml.
Playbook with no access tag:
json from twitter allowed
This does not seem correct.
bb10 with no access tag:
json from twitter NOT allowed
this is correct.
Why is it different?
01-01-2013 10:03 PM