Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cleanup!(config.xml): simplify defaults #73

Merged
merged 2 commits into from
Oct 1, 2021
Merged

cleanup!(config.xml): simplify defaults #73

merged 2 commits into from
Oct 1, 2021

Conversation

erisu
Copy link
Member

@erisu erisu commented Oct 1, 2021

Platforms affected

all

Motivation and Context

Not all apps require the pre-define settings that we prodived.

The core template should be as minimalist as possible.

Description

  • Removed all predefined settings except for the basic allow-intent of http and https, so pages can continue to open the system browser.
  • Provide a simple instruction for access, allow-navigation and allow-intent.
  • Include 1 example for access and allow-navigation. allow-intent was excluded because it contains an actual usage.
  • Added direct link to the access, allow-navigation and allow-intent documentation anchor point.

Other Changes:

  • Shorten the template description
  • Updated author url
  • Formatted XML

Checklist

  • I've updated the documentation if necessary
    • The website documentation should list our the old defaults, not just in example configs, so users can read how to enable certain features. E.g. tel, geo, sms, etc...

@erisu erisu requested a review from dpogue October 1, 2021 03:37
dpogue
dpogue approved these changes Oct 1, 2021
View reviewed changes
Copy link
Member

@dpogue dpogue left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO this significantly improves the default security settings for new Cordova apps, and will make people think about what origins they actually need to allow

@erisu erisu merged commit 3233dc9 into apache:master Oct 1, 2021
@erisu erisu deleted the cleanup/config-xml branch October 1, 2021 04:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dpogue dpogue dpogue approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@erisu @dpogue