Uploaded image for project: 'Apache Cordova'
  1. Apache Cordova
  2. CB-10709

Allow-navigation rule for iFrame urls on cordova-ios

    XMLWordPrintableJSON

Details

    Description

      Currently with Whitelist plugin set to <allow-navigation="://domain.com/"> doesn't allow navigation to other domains including urls embedded using iframe on iOS.
      EG: If I tried to embed a youtube video using iframe tag with only this rule <allow-navigation="://domain.com/">, it doesn't allow loading of the video in iframe as youtube.com is not listed in allowed domains.
      If we add <allow-navigation="://youtube.com/"> it allows the loading of iframe but will also allow navigation to youtube.com using Javascript i.e window.open('http://youtube.com').

      With current implementation in cordova-ios, I'm not sure if there is any solution to allow a domain navigation in iframe and not allow navigation to that domain using other methods like javascript.

      Android ignores the allow-navigation rule for iframe loaded urls, so iOS should be modified to behave the same?

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. CB-12455 iframes are governed by whitelist as well, not just top-level navigations

          • Major - Major loss of function.
          • Open

          Activity

            People

              shazron Shazron Abdullah
              harshabonthu Harsha Kiran
              Votes:
              5 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

                Created:
                Updated: