Hi Stéphane, there is a newer version of cordova-android available: 7.x.x - currently 7.1.4. That means that we, the volunteer development team, won't do any more updates to the 6.x branch. So even if we implement any new features here, they will only get released for 7.x. Any particular reason why you are still using 6.4.0? The plugin compatibility got much better in the last few releases, maybe try 7.1.4 if it works for you.
That being said, the only thing regarding file access seems to be here: https://github.com/apache/cordova-android/blob/c0c3b769f2260870d90da75965985070831dcd1d/framework/src/org/apache/cordova/engine/SystemWebViewEngine.java#L184 This is not configurable in any way right now. Did I understand correctly that you are asking for https://developer.android.com/reference/android/webkit/WebSettings.html#setAllowFileAccess(boolean)? Can you maybe elaborate a bit on "we don't use this feature that may introduce security issue."? Maybe this is worth being implemented generally. Best, Jan PS: I have no experience if or if not this is possible to be changed in a plugin - someone else has to weigh in on that. Am Di., 4. Dez. 2018 um 14:38 Uhr schrieb MALEYRIE Stephane (AIM Services) <prestataire.stephane.maley...@ca-titres.fr>: > > Hello, > > After an Android security audit, we need to disable in the WebView, the > WebSettings attributes "AllowFileAccess" because we don't use this feature > that may introduce security issue. > > I'm developing an ionic3 application based on Cordova-android 6.4.0 > > The Webview initialisation code seems to be here : > org.apache.cordova.engine.SystemWebViewEngine > All the attributes setting like AllowFileAccess are in the > initWebViewSettings method > (https://github.com/apache/cordova-android/blob/6.4.x/framework/src/org/apache/cordova/engine/SystemWebViewEngine.java#L147). > How can I change the settings for AllowFileAccess without editing the code ? > Is it possible to implements something, so i can configure WebSettings in > config.xml for exemple, or elsewhere ? > I can simply edit the java code of the class in the platform android, after > the cordova add platform, and before to build the apk. > But i think it would be better if we can configure it in an other way. > Or maybe, it could be done with a cordova-plugin ? > I tried myself, but failed, to retrieve the WebSettings of the original > android.webkit.WebView from the CordovaWebView... > > Thanks for your help > > Stéphane --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
