Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Web and WebWorks Development

Reply
New Contributor
Posts: 7
Registered: ‎07-15-2013
My Device: Z10 Q10
My Carrier: A1

Whitelist problem with https

I'm developing an app with phonegap for Blackberry 10 and whitelisting for http is working, but I also have a backend request with https and I can't whitelist it and get it working. With websecurity disabled it's working.

 

Here is the URL:

 

https://abc.def.com/xyzservice-1_0_5/videoservice/

 

 

How can I whitelist it? Please help, I've spent several hours experimenting inside the config xml, but it never worked so far. I read that there is a bug with asterisk * and stuff in whitelisting, so maybe you can point me to the right direction to make it work.

 

Thanks a lot for any help :-)

Retired
Posts: 1,561
Registered: ‎04-12-2010
My Device: BlackBerry Z10
My Carrier: Bell

Re: Whitelist problem with https

The following I would expect to work:

<access uri="https://www.def.com" subdomains="true" />

Can you give that a try?

Erik Oros | @WaterlooErik | eoros@blackberry.com | Developer Issue Tracker

If a reply has answered your question, please click Accept as Solution to help other visitors in the future.
New Contributor
Posts: 7
Registered: ‎07-15-2013
My Device: Z10 Q10
My Carrier: A1

Re: Whitelist problem with https

Thank you, but it is not working.

 

I still get following error:

 

JavaScript Alert

Access to "https://abc.def.com/xyzservice-1_0_5/videoservice/getLastVideo?videoid=blabla&email=bla@bla.com&_=12... not allowed

 

 

 

I tried to encodeUri for the @ in the URL but it didn't work either.

 

I think that it has something to do with the special characters like the @ and the ampersand &. I read in some other threads that these characters are making trouble sometimes... 

 

But so far I think I tried everything and still not working.

 

Would it be very bad if I just turn websecurity off for my app? Can it be submitted to Blackberry World if websecurity is disabled or will it be rejected?

 

Thank you!

Retired
Posts: 1,561
Registered: ‎04-12-2010
My Device: BlackBerry Z10
My Carrier: Bell

Re: Whitelist problem with https

[ Edited ]

Hi there, one more try two more tries:

 

<access uri="https://def.com" subdomains="true" />

<access uri="https://abc.def.com" subdomains="true" />


If disabling web security resolves the issue we should be able to find the proper <access> setup, but it can be finicky at times. Anything beyond the .com shouldn't affect whether a URL is whitelisted or not so the @ symbols should be okay.

 

If you disable Web Security, you are basically just allowing your application to access ANY URLs out there. Preferably we can set the appropriate <access> element, but your application shouldn't be denied for disabling web security. Again though, if we don't have to, we should avoid it.


Erik Oros | @WaterlooErik | eoros@blackberry.com | Developer Issue Tracker

If a reply has answered your question, please click Accept as Solution to help other visitors in the future.
New Contributor
Posts: 7
Registered: ‎07-15-2013
My Device: Z10 Q10
My Carrier: A1

Re: Whitelist problem with https

[ Edited ]

Thank you, but this isn't working.

 

I just found out it has something to do with the url params and probably the @

 

As I said, there are 1 or 2 other threads where ppl found out the same. There is a bug with whitelisting when you use @ or some other special characters. I don't have time to search for these other threads now, where other developers encountered the same issue.

 

To proof it I removed the url params and just called https://abc.def.com  with my ajax request and all of a sudden the request was working without Javascript alert that the url is not allowed.

 

Would be cool if you could fix this bug with the whitelisting. I don't know if its in phonegap or in webworks, but I think it is in webworks :-)

 

 

 

WORKING:

var that = this;
var url = 'https://abc.def.com';

$.ajax({
url: url,
dataType: 'json',
success: function(data) {
// bla bla
},
error: function(a, b, c) {
// bla bla
}
});

 

 

 

 

 

NOT WORKING:

var that = this;
var url = 'https://abc.def.com/xyzservice-1_0_5/videoservice/getLastVideo?videoid=blabla&email=bla@bla.com&_=12...

$.ajax({
url: url,
dataType: 'json',
success: function(data) {
// bla bla
},
error: function(a, b, c) {
// bla bla
}
});

 

 

 

Retired
Posts: 1,561
Registered: ‎04-12-2010
My Device: BlackBerry Z10
My Carrier: Bell

Re: Whitelist problem with https

That's some good information, I appreciate you sharing. I haven't seen this myself but your testing does indicate a major issue.

I'll run this past our dev teams and will open a bug report here to get it fixed.

Erik Oros | @WaterlooErik | eoros@blackberry.com | Developer Issue Tracker

If a reply has answered your question, please click Accept as Solution to help other visitors in the future.
Retired
Posts: 1,561
Registered: ‎04-12-2010
My Device: BlackBerry Z10
My Carrier: Bell

Re: Whitelist problem with https

I've spoken with Jeff from our development team and they provided the following insight (paraphrased.)

 

It is a known issue documented within our WebWorks issues. Technically any URL that has an @ symbol should have that URL encoded. According to the URI spec, @ is not a valid character. Specifically; the @ sign is valid, but reserved for user@domain.

If you are able to encode the URL so that @ is replaced by %40 then it should resolve the issue. Our teams are investigating a more robust implementation but technically there should not be any @ symbols at that part of the URL.

 

If you don't have the ability to encode the URL (if the script is external), then disabling web security will be required for the time being.


Erik Oros | @WaterlooErik | eoros@blackberry.com | Developer Issue Tracker

If a reply has answered your question, please click Accept as Solution to help other visitors in the future.
New Contributor
Posts: 7
Registered: ‎07-15-2013
My Device: Z10 Q10
My Carrier: A1

Re: Whitelist problem with https

Thank you.

 

I tried to encode it with %40 but it didn't work I think. Maybe I forgot something and it is my fault, I don't know. I've spent way too much time with this issue and I will turn websecurity off now and finish the app and maybe in the next version I will try again to whitelist.

 

Thanks for your help.

Retired
Posts: 1,561
Registered: ‎04-12-2010
My Device: BlackBerry Z10
My Carrier: Bell

Re: Whitelist problem with https

Sure thing; just for reference, it is this function I was referring to

http://www.w3schools.com/jsref/jsref_encodeuri.asp

 

Example: You pass the URL to the function and then use the result in the actual request.

 

var encodedURL = encodeURI(url);
/* Now we use encodedURL. */

 


Erik Oros | @WaterlooErik | eoros@blackberry.com | Developer Issue Tracker

If a reply has answered your question, please click Accept as Solution to help other visitors in the future.
New Contributor
Posts: 7
Registered: ‎07-15-2013
My Device: Z10 Q10
My Carrier: A1

Re: Whitelist problem with https

Thank you :-)

 

 

var encodedURL = encodeURI(url);

Didn't work. I tried it myself before with different approaches to encoding, but never got a working result.... Tough nut to crack...

 

I think it's impossible right now to find a crack and I'm waiting for a bugfix for this issue and implement it in our next app version.