Domain whitelisting is a security model that controls access to
outside domains, such as http://google.com. Apache Cordova's
default security policy allows access to any site. Before moving your
application to production, you should review its whitelist and declare
access to specific network domains and subdomains.
Domain whitelisting lays the groundwork for the W3C Widget Access specification. In the Widget Access specification, the element is used to declare access to specific network domains. In the future, Apache Cordova will abstract the platform whitelisting implementations to the W3C Widget Access specification. However, for now each platform must implement its own domain whitelisting.
Access to google.com:
http://google.com
Access to the secure google.com (https://):
https://google.com
Access to the subdomain maps.google.com:
http://maps.google.com
Access to all the subdomains on google.com (e.g. mail.google.com and docs.google.com):
http://*.google.com
Access to all domains (e.g. google.com and developer.mozilla.org):
*
Details
The whitelisting rules are found in res/xml/config.xml and declared
with the element .
Android fully supports whitelisting syntax.
Syntax
Access to google.com:
Details
The whitelisting rules are found in www/config.xml and declared with the element .
Syntax
Access to google.com:
Access to all the subdomains on google.com:
Access to all domains, including file:// protocol:
Details
The whitelisting rules are found in AppName/config.xml and declared with the element .
iOS fully supports whitelisting syntax.
NOTE: origins specified without a protocol, such as
www.apache.org rather than http://www.apache.org, default to all
of the http, https, ftp, and ftps schemes.
Syntax
Wildcards on iOS (*) are more flexible than the W3C Widget Access specification.
Access to all subdomains and TLDs (.com, .net, etc):
*.google.*
The whitelisting rules are found in config.xml and declared with the element .
Android fully supports whitelisting syntax.
Syntax
Access to google.com:
Details
The application root directory's config.xml file specifies domain
whitelisting rules, using the element.
For a complete reference, see the [Tizen Accessing External Network Resources documentation][10].
Syntax
Access to google.com:
Access to the secure google.com (https://):
Access to all the subdomains on google.com:
Access to all domains, including file:// protocol: