Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Web and WebWorks Development

Reply
Contributor
Posts: 10
Registered: ‎05-18-2013
My Device: 8520
My Carrier: Idea

Android to BB10 Porting Phone Gap Application

I'm trying to port phonegap Android app to bb10, The issue is android web-view doesn't follow Same Origin Policy so app works fine on Android. But seems BB10 web view follows Same Origin Policy. so application doesn't work properly in BB10 devices. Is there any way to disable this SOP in BB10 within Android code or java script?
Developer
Posts: 1,229
Registered: ‎03-20-2011
My Device: Playbook, Z10 LE, Dev Alpha B, 2x Dev Alpha C
My Carrier: 3, Orange, Vodafone

Re: Android to BB10 Porting Phone Gap Application

config.xml

 

It goes along these lines

 

    <access uri="*" subdomains="true" />
    <access uri="http://peardox.com" subdomains="true" />
    <access uri="http://192.168.0.31" subdomains="true" />
    <access uri="https://googleapis.com" subdomains="true" />
    <access uri="https://gstatic.com" subdomains="true" />

Basically anything that returns anything from a server needs to have a SPECIFIC inclusion

 

In the above example peardox.com and 192.... are my public and local test servers - the others are Google Maps whitelists

 

The first line means I can accept any WEB PAGE from ANYWHERE

 

The other ones are allowing my app to get AJAX from specific servers

 

You can't whitelist the world (sensible)

 

You can turn this off but it's dangerous

 

I can tell you how to do that as well but would prefer if you design around not having that ability




Click the like button if you find my posts useful!
Highlighted
BlackBerry Development Advisor
Posts: 762
Registered: ‎10-01-2009
My Device: All
My Carrier: N/A

Re: Android to BB10 Porting Phone Gap Application

Just an addition to the previous response...

 

If you app needs to access domains that may change, like is the case with some CDNs, you could go as far as to disable web security for your application.  This would basically allow access to any domain.  

 

This is not always the best practice, but it is an option.

 

<feature id="blackberry.app">
    <param name="websecurity" value="disable" />
</feature>

 

Documentation available here: https://developer.blackberry.com/html5/documentation/param_element.html