If you have the local html files in Android APK which needs to exchange the data with cloudant.com, I think it's needed to set below in CSP string: connect-src 'cloudant.com' If it doesn't still work, then it seems it's a bug in Crosswalk.
Yongsheng From: [email protected] [mailto:[email protected]] Sent: Wednesday, March 26, 2014 3:09 PM To: Zhu, Yongsheng; [email protected] Subject: RE: Regarding settings for webview Hi, Basically I need to fetch data from cloud end, returns data in JSON Format. I am fetching files from cloudant.com by passing a username and password, hope you are aware of cloudant.com ?? From: Zhu, Yongsheng [mailto:[email protected]] Sent: 26 March 2014 12:33 To: Babu, Rajesh C.; [email protected]<mailto:[email protected]> Cc: Maclean, Daniel; Edens, Richard Subject: RE: Regarding settings for webview Which remote site do you need to exchange the data via AJAX? I guess it's a remoted server, right? Yongsheng From: [email protected]<mailto:[email protected]> [mailto:[email protected]] Sent: Wednesday, March 26, 2014 2:58 PM To: Zhu, Yongsheng; [email protected]<mailto:[email protected]> Cc: [email protected]<mailto:[email protected]>; [email protected]<mailto:[email protected]> Subject: RE: Regarding settings for webview Hi, Still throwing the same Access-control-origin-error . even after adding, Connect-src 'self' :( From: Zhu, Yongsheng [mailto:[email protected]] Sent: 26 March 2014 07:01 To: Babu, Rajesh C.; [email protected]<mailto:[email protected]> Cc: Maclean, Daniel; Edens, Richard Subject: RE: Regarding settings for webview Hi, If it's for AJAX, would you please try you to use 'connect-src' instead of 'script-src'? See the explanation: connect-src 'self' Applies to XMLHttpRequest (AJAX), WebSocket orEventSource. If not allowed the browser emulates a 400HTTP status code. You can also see the description and examples about CSP here: http://content-security-policy.com/ Yongsheng From: [email protected]<mailto:[email protected]> [mailto:[email protected]] Sent: Tuesday, March 25, 2014 7:47 PM To: Zhu, Yongsheng; [email protected]<mailto:[email protected]> Cc: [email protected]<mailto:[email protected]>; [email protected]<mailto:[email protected]> Subject: RE: Regarding settings for webview Hi, I just tried giving "content_security_policy": "script-src 'self' https://example.service.com"; Even then its not allowing files to be accessed from that URL :( . I used cross walk 5 as suggested . From: Babu, Rajesh C. Sent: 25 March 2014 15:32 To: 'Zhu, Yongsheng'; [email protected]<mailto:[email protected]> Cc: Maclean, Daniel; Edens, Richard Subject: RE: Regarding settings for webview Hi, Thanks for your response. So If I want to allow any URL accessing without any hindrance. What should be the setting of 'content_security_policy' ? , I am not able to find solid result, Has anyone tried it before ? From: Zhu, Yongsheng [mailto:[email protected]] Sent: 24 March 2014 11:21 To: Babu, Rajesh C.; [email protected]<mailto:[email protected]> Subject: RE: Regarding settings for webview Rajesh, This setting will disable the web security mechanism for all origins so it is very risky to enable that by default. If you want to enable Ajax calls for different origins, I suggest you use manifest.json and its field 'content_security_policy' which can define CSP policy for web application. It's supported since Crosswalk-5. To understand how to use it, find the doc here: https://crosswalk-project.org/#wiki/Crosswalk-manifest Yongsheng From: Zhu, Yongsheng Sent: Monday, March 24, 2014 9:52 AM To: '[email protected]'; [email protected]<mailto:[email protected]> Subject: RE: Regarding settings for webview Hi, Rajesh Glad to see you can fix this by setting 'setAllowUniversalAccesFromFileUrls'. I'm sorry we don't expose this kind of settings in the side for RuntimeView. However, it's reasonable for me to enable it by default and we would like to fix it in Crosswalk-5 beta. Before it's landed, as an alternative, could you please try with Cordova-Crosswalk? You can add this setting in it: https://crosswalk-project.org/#wiki/crosswalk-cordova-android Yongsheng From: Crosswalk-help [mailto:[email protected]] On Behalf Of [email protected]<mailto:[email protected]> Sent: Friday, March 21, 2014 5:49 PM To: [email protected]<mailto:[email protected]> Subject: [Crosswalk-help] Regarding settings for webview Hi, I am Rajesh Babu, I built an .apk for a html app using Crosswalk-Project Documentation on Crosswalk 3 version. My App basically requires to make Ajax Calls, But I am getting an error like access-control-allow-origin header on android device, this would normally be rectified if I use webView.getSettings().setAllowUniversalAccesFromFileUrls(true) on the native side . How do I make the same setting on the getRuntimeView() ??? ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com<http://www.accenture.com>
_______________________________________________ Crosswalk-help mailing list [email protected] https://lists.crosswalk-project.org/mailman/listinfo/crosswalk-help
