Quantcast
Channel: Ionic Framework - Ionic Forum
Viewing all articles
Browse latest Browse all 48981

Domain whitelisting in ionic 5 with capacitor and angular

$
0
0

We did a VAPT assessment and we were informed about this issue after the assessment

“While using PhoneGap/Cordova to develop an application, always try to whitelist the URL via which it connects. Without Domain Whitelisting, an attacker can load any domain in an iframe and any script on that page within the iframe can directly access Cordova JavaScript objects and the corresponding native Java objects”

For this they are suggesting to make changes in android/app/src/main/res/xml/config.xml this file from <access origin="*" /> to something like this
<access origin=" domain1.com , domain2.com " /> .
But we use too many other clients’ libraries for data analysis purposes, we can’t add all the domains here.
Is there any better solution or anyone solved it in another way?

1 post - 1 participant

Read full topic


Viewing all articles
Browse latest Browse all 48981

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>