Re: [Crosswalk-help] Regarding settings for webview

[rajesh.c.babu]

Hi,

                Basically I need to fetch data from cloud end, returns data in 
JSON Format.

                I am fetching files from cloudant.com by passing a username and 
password, hope you are aware of cloudant.com ??

From: Zhu, Yongsheng [mailto:yongsheng....@intel.com]
Sent: 26 March 2014 12:33
To: Babu, Rajesh C.; crosswalk-help@lists.crosswalk-project.org
Cc: Maclean, Daniel; Edens, Richard
Subject: RE: Regarding settings for webview

Which remote site do you need to exchange the data via AJAX?  I guess it's a 
remoted server, right?

Yongsheng

From: rajesh.c.b...@accenture.com<mailto:rajesh.c.b...@accenture.com> 
[mailto:rajesh.c.b...@accenture.com]
Sent: Wednesday, March 26, 2014 2:58 PM
To: Zhu, Yongsheng; 
crosswalk-help@lists.crosswalk-project.org<mailto:crosswalk-help@lists.crosswalk-project.org>
Cc: daniel.macl...@accenture.com<mailto:daniel.macl...@accenture.com>; 
richard.ed...@accenture.com<mailto:richard.ed...@accenture.com>
Subject: RE: Regarding settings for webview

Hi,

                Still throwing the same Access-control-origin-error . even 
after adding,

                Connect-src 'self' :(

From: Zhu, Yongsheng [mailto:yongsheng....@intel.com]
Sent: 26 March 2014 07:01
To: Babu, Rajesh C.; 
crosswalk-help@lists.crosswalk-project.org<mailto:crosswalk-help@lists.crosswalk-project.org>
Cc: Maclean, Daniel; Edens, Richard
Subject: RE: Regarding settings for webview

Hi,
If it's for AJAX, would you please try you to use 'connect-src' instead of 
'script-src'? See the explanation:
connect-src

'self'

Applies to XMLHttpRequest (AJAX), WebSocket orEventSource. If not allowed the 
browser emulates a 400HTTP status code.


You can also see the description and examples about CSP here:
http://content-security-policy.com/

Yongsheng

From: rajesh.c.b...@accenture.com<mailto:rajesh.c.b...@accenture.com> 
[mailto:rajesh.c.b...@accenture.com]
Sent: Tuesday, March 25, 2014 7:47 PM
To: Zhu, Yongsheng; 
crosswalk-help@lists.crosswalk-project.org<mailto:crosswalk-help@lists.crosswalk-project.org>
Cc: daniel.macl...@accenture.com<mailto:daniel.macl...@accenture.com>; 
richard.ed...@accenture.com<mailto:richard.ed...@accenture.com>
Subject: RE: Regarding settings for webview

Hi,

     I just tried giving
"content_security_policy": "script-src 'self' https://example.service.com";

Even then its not allowing files to be accessed from that URL :( .  I used 
cross walk 5 as suggested .


From: Babu, Rajesh C.
Sent: 25 March 2014 15:32
To: 'Zhu, Yongsheng'; 
crosswalk-help@lists.crosswalk-project.org<mailto:crosswalk-help@lists.crosswalk-project.org>
Cc: Maclean, Daniel; Edens, Richard
Subject: RE: Regarding settings for webview

Hi,

                Thanks for your response. So If I want to allow any URL 
accessing without any hindrance. What should be the setting of 
'content_security_policy' ? , I am not able to find solid result, Has anyone 
tried it before ?

From: Zhu, Yongsheng [mailto:yongsheng....@intel.com]
Sent: 24 March 2014 11:21
To: Babu, Rajesh C.; 
crosswalk-help@lists.crosswalk-project.org<mailto:crosswalk-help@lists.crosswalk-project.org>
Subject: RE: Regarding settings for webview

Rajesh,
This setting will disable the web security  mechanism for all origins so it is 
very risky to enable that by default. If you want to enable Ajax calls for 
different origins, I suggest you use manifest.json and its field 
'content_security_policy' which can define CSP policy for web application. It's 
supported since Crosswalk-5.

To understand how to use it, find the doc here:
https://crosswalk-project.org/#wiki/Crosswalk-manifest

Yongsheng

From: Zhu, Yongsheng
Sent: Monday, March 24, 2014 9:52 AM
To: 'rajesh.c.b...@accenture.com'; 
crosswalk-help@lists.crosswalk-project.org<mailto:crosswalk-help@lists.crosswalk-project.org>
Subject: RE: Regarding settings for webview

Hi, Rajesh
Glad to see you can fix this by setting 'setAllowUniversalAccesFromFileUrls'. 
I'm sorry we don't expose this kind of settings in the side for RuntimeView. 
However, it's reasonable for me to enable it by default and we would like to 
fix it in Crosswalk-5 beta. Before it's landed, as an alternative, could you 
please try with Cordova-Crosswalk? You can add this setting in it:
https://crosswalk-project.org/#wiki/crosswalk-cordova-android

Yongsheng

From: Crosswalk-help 
[mailto:crosswalk-help-boun...@lists.crosswalk-project.org] On Behalf Of 
rajesh.c.b...@accenture.com<mailto:rajesh.c.b...@accenture.com>
Sent: Friday, March 21, 2014 5:49 PM
To: 
crosswalk-help@lists.crosswalk-project.org<mailto:crosswalk-help@lists.crosswalk-project.org>
Subject: [Crosswalk-help] Regarding settings for webview

Hi,
I am Rajesh Babu, I built an .apk for a html app using Crosswalk-Project 
Documentation on Crosswalk 3 version.
My App basically requires to make Ajax Calls, But I am getting an error like 
access-control-allow-origin header on android device, this would normally be 
rectified if I use

webView.getSettings().setAllowUniversalAccesFromFileUrls(true) on the native 
side .

How do I make the same setting on the getRuntimeView() ???

________________________________

This message is for the designated recipient only and may contain privileged, 
proprietary, or otherwise confidential information. If you have received it in 
error, please notify the sender immediately and delete the original. Any other 
use of the e-mail by you is prohibited. Where allowed by local law, electronic 
communications with Accenture and its affiliates, including e-mail and instant 
messaging (including content), may be scanned by our systems for the purposes 
of information security and assessment of internal compliance with Accenture 
policy.
______________________________________________________________________________________

www.accenture.com<http://www.accenture.com>

_______________________________________________
Crosswalk-help mailing list
Crosswalk-help@lists.crosswalk-project.org
https://lists.crosswalk-project.org/mailman/listinfo/crosswalk-help