05-21-2013 07:27 AM
05-22-2013 04:39 AM
It goes along these lines
<access uri="*" subdomains="true" />
<access uri="http://peardox.com" subdomains="true" />
<access uri="http://192.168.0.31" subdomains="true" />
<access uri="https://googleapis.com" subdomains="true" />
<access uri="https://gstatic.com" subdomains="true" />
Basically anything that returns anything from a server needs to have a SPECIFIC inclusion
In the above example peardox.com and 192.... are my public and local test servers - the others are Google Maps whitelists
The first line means I can accept any WEB PAGE from ANYWHERE
The other ones are allowing my app to get AJAX from specific servers
You can't whitelist the world (sensible)
You can turn this off but it's dangerous
I can tell you how to do that as well but would prefer if you design around not having that ability
05-22-2013 12:47 PM
Just an addition to the previous response...
If you app needs to access domains that may change, like is the case with some CDNs, you could go as far as to disable web security for your application. This would basically allow access to any domain.
This is not always the best practice, but it is an option.
<feature id="blackberry.app"> <param name="websecurity" value="disable" /> </feature>
Documentation available here: https://developer.blackberry.com/html5/documentati