Re: Whitelist defaults

2012-11-06 Thread Andrew Grieve
Adding * by default SGTM. Having separate debug/release whitelists sounds dangerous though. You don't want your app to work in debug mode and then be broken when you release it. On Mon, Nov 5, 2012 at 7:26 PM, Anis KADRI anis.ka...@gmail.com wrote: I confirm that Android also uses config.xml.

Re: Whitelist defaults

2012-11-06 Thread Kevin Hawkins
Yeah, it's something we take care with in our implementation. Primarily, we use the separation to include things wholesale in Debug that we don't want in Release, such as TestFlight, and other performance gathering code that is disabled in release builds. On Tuesday, November 6, 2012, Andrew

Re: Whitelist defaults

2012-11-05 Thread Shazron
We've had the discussion. So what is the decision/consensus? Leave as is, or add * to default settings for all, with a warning in the console log? On Fri, Nov 2, 2012 at 11:33 AM, Joe Bowser bows...@gmail.com wrote: On Fri, Nov 2, 2012 at 10:59 AM, Shazron shaz...@gmail.com wrote: Echoing

Re: Whitelist defaults

2012-11-05 Thread Anis KADRI
I guess the consensus is to whitelist everything (*) all the time. My opinion is that there should be some dev mode where (*) is set and then a release mode where you'd specify your hosts. On Mon, Nov 5, 2012 at 3:11 PM, Shazron shaz...@gmail.com wrote: We've had the discussion. So what is

Re: Whitelist defaults

2012-11-05 Thread Jesse
I have relaxed my position, as I can work around whatever the choice is. It might be prudent to ask our users though. On Mon, Nov 5, 2012 at 3:22 PM, Anis KADRI anis.ka...@gmail.com wrote: I guess the consensus is to whitelist everything (*) all the time. My opinion is that there should be

Re: Whitelist defaults

2012-11-02 Thread Jesse
white lists everything. We don't do that in WebWorks ;) From: Steven Gill To: dev@cordova.apache.org Reply To: dev@cordova.apache.org Re: Whitelist defaults 2012-11-01 10:30:42 PM +1 to point it out in the getting started guides. On Nov 1, 2012 6:35 PM, Marcel Kinard wrote

Re: Whitelist defaults

2012-11-02 Thread Joe Bowser
On Fri, Nov 2, 2012 at 10:55 AM, Lorin Beer lorin.beer@gmail.com wrote: BriBri Say This is off topic, but I think this is the first time I've seen Brian called this on the list.

Re: Whitelist defaults

2012-11-01 Thread Dave Johnson
Yup agree it should whitelist nothing but it also needs to be very clear in the log when we block a request that it's due to the whitelist. On Thursday, November 1, 2012, Shazron wrote: I concur with Kevin. It won't be much of a whitelist if no one uses it -- I would argue that if you set it