This is not configurable at the moment. If you want it to be considered, create a new thread where people can talk about it and vote.
But as Jan said, we won't backport it to previous versions, so in case people like the idea and somebody sends a PR that gets merged with the feature, it will only be available in future releases. Anyway, with proper usage of the whitelist plugin, this theoretical vulnerability shouldn't affect your app.

On Tue, 4 Dec 2018 at 15:19, Jan Piotrowski (<piotrow...@gmail.com>) wrote:

> Hi Stéphane,
>
> there is a newer version of cordova-android available: 7.x.x -
> currently 7.1.4. That means that we, the volunteer development team,
> won't do any more updates to the 6.x branch. So even if we implement
> any new features here, they will only get released for 7.x.
> Any particular reason why you are still using 6.4.0? The plugin
> compatibility got much better in the last few releases, maybe try
> 7.1.4 if it works for you.
>
> That being said, the only thing regarding file access seems to be here:
> https://github.com/apache/cordova-android/blob/c0c3b769f2260870d90da75965985070831dcd1d/framework/src/org/apache/cordova/engine/SystemWebViewEngine.java#L184
> This is not configurable in any way right now.
>
> Did I understand correctly that you are asking for
> https://developer.android.com/reference/android/webkit/WebSettings.html#setAllowFileAccess(boolean)
> ?
> Can you maybe elaborate a bit on "we don't use this feature that may
> introduce security issues."? Maybe this is worth being implemented
> generally.
>
> Best,
> Jan
>
> PS: I have no experience with whether or not this is possible to
> change in a plugin - someone else has to weigh in on that.
>
> On Tue, 4 Dec 2018 at 14:38, MALEYRIE Stephane (AIM Services)
> <prestataire.stephane.maley...@ca-titres.fr> wrote:
> >
> > Hello,
> >
> > After an Android security audit, we need to disable the WebSettings
> > attribute "AllowFileAccess" in the WebView, because we don't use this
> > feature that may introduce security issues.
> >
> > I'm developing an ionic3 application based on Cordova-android 6.4.0.
> >
> > The WebView initialisation code seems to be here:
> > org.apache.cordova.engine.SystemWebViewEngine
> > All the attribute settings like AllowFileAccess are in the
> > initWebViewSettings method (
> > https://github.com/apache/cordova-android/blob/6.4.x/framework/src/org/apache/cordova/engine/SystemWebViewEngine.java#L147
> > ).
> > How can I change the settings for AllowFileAccess without editing the
> > code?
> > Is it possible to implement something so I can configure WebSettings
> > in config.xml, for example, or elsewhere?
> > I can simply edit the Java code of the class in the platform android,
> > after the cordova add platform, and before building the apk.
> > But I think it would be better if we could configure it in another way.
> > Or maybe it could be done with a cordova-plugin?
> > I tried myself, but failed, to retrieve the WebSettings of the original
> > android.webkit.WebView from the CordovaWebView...
> >
> > Thanks for your help
> >
> > Stéphane
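One way the plugin route asked about in this thread could look, as an added example that is not code from cordova-android or from anyone in the thread. It assumes the system WebView engine is in use and that the plugin is registered with `<param name="onload" value="true" />`; the package and class names are hypothetical.

```java
// Added example, not cordova-android code. Package and class names are hypothetical.
package com.example.hardening;

import android.view.View;
import android.webkit.WebSettings;
import android.webkit.WebView;

import org.apache.cordova.CordovaPlugin;
import org.apache.cordova.LOG;

public class WebViewHardening extends CordovaPlugin {
    private static final String TAG = "WebViewHardening";

    // Called once when the plugin is created. For this to happen at app start,
    // the plugin's <feature> entry needs <param name="onload" value="true" />.
    @Override
    protected void pluginInitialize() {
        // WebView methods must be called on the UI thread.
        cordova.getActivity().runOnUiThread(new Runnable() {
            @Override
            public void run() {
                // CordovaWebView.getView() returns the engine's underlying view.
                View view = webView.getView();
                if (!(view instanceof WebView)) {
                    // Assumption: another engine (for example Crosswalk) is in use.
                    LOG.w(TAG, "Not an android.webkit.WebView, settings left unchanged");
                    return;
                }
                WebSettings settings = ((WebView) view).getSettings();
                // Blocks file:// access to the file system. Per the Android docs,
                // file:///android_asset and file:///android_res stay reachable.
                settings.setAllowFileAccess(false);
                LOG.d(TAG, "allowFileAccess=" + settings.getAllowFileAccess());
            }
        });
    }
}
```

Content the app loads through `file://` URLs outside the asset and resource folders would stop loading with this setting, so check any plugin that hands such paths to the WebView.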