Hello Marcel. Interesting scenario here. I'm not an expert on this topic, but loading remote web artifacts that have native access looks very insecure to me. Whether it is possible? Yeah, maybe... But is it advisable and, more important, recommended by the Cordova experts community? I'd like to say no just for the sake of security.
Of course, I might be just talking crazy here and would like to know what the community thinks about it. 2014-08-01 12:23 GMT-05:00 Marcel Kinard <cmarc...@gmail.com>: > I've been getting occasional questions about users trying to use > remotely-loaded (non-local) HTML pages with Cordova (in the webview, not > InAppBrowser), and still expecting to have access to the plugin APIs > (camera is a popular one). My response so far is: "This is an unsupported > configuration, because Cordova was not designed for this and the community > does no testing of this configuration. While it can work in some > circumstances, it is not recommended nor supported." > > My definition of "unsupported" is not that it is incapable, but that we > don't claim that it is supposed to work, and more importantly, we won't > actively fix user-submitted defects on this topic. > > The main concern I have on this is same origin policy, and matching the > remotely-served cordova.js with the locally-installed native Cordova > platform to avoid version mismatch. > > Do you think I'm out in-the-weeds on this, or do you agree? > > If you agree, what would you think of a blurb in cordova-docs somewhere > that captures this gist? > > Thanks for your feedback! -- Victor Adrian Sosa Herrera IBM Software Engineer Guadalajara, Jalisco
