diff --git a/docs/pages/phonegap.html b/docs/pages/phonegap.html index 836f3e51..12ed4d82 100644 --- a/docs/pages/phonegap.html +++ b/docs/pages/phonegap.html @@ -30,7 +30,7 @@
First, your initial application document is loaded by the PhoneGap application by a file:// URL. This means that if you want to pull in pages from your company's remote server (phone home) you will have to refer to them with absolute URLs to your server. Because your document originates from a file:// URL, loading pages or assets from your remote server is considered a cross-domain request.
-Your ability to access cross-domain pages from within a Phone Gap jQuery Mobile application is controlled by 2 key things: $.support.cors and $.mobile.allowCrossDomainPages, and can also be influenced by the white list fueature in later builds of PhoneGap.
Your ability to access cross-domain pages from within a Phone Gap jQuery Mobile application is controlled by two key things: $.support.cors and $.mobile.allowCrossDomainPages, and can also be influenced by the white list feature in later builds of PhoneGap.
When jQuery Mobile attempts to load an external page, the request runs through $.mobile.loadPage(). This will only allow cross-domain requests if the $.mobile.allowCrossDomainPages configuration option is set to true. Because the jQuery Mobile framework tracks what page is being viewed within the browser's location hash, it is possible for an XSS attack to occur if the XSS code in question can manipulate the hash and set it to a cross-domain URL of it's choice. This is the main reason that the default setting for $.mobile.allowCrossDomainPages is set to false.
When jQuery Mobile attempts to load an external page, the request runs through $.mobile.loadPage(). This will only allow cross-domain requests if the $.mobile.allowCrossDomainPages configuration option is set to true. Because the jQuery Mobile framework tracks what page is being viewed within the browser's location hash, it is possible for a cross-site scripting (XSS) attack to occur if the XSS code in question can manipulate the hash and set it to a cross-domain URL of its choice. This is the main reason that the default setting for $.mobile.allowCrossDomainPages is set to false.
So PhoneGap apps that must "phone home" by loading assets off a remote server, both the $.support.cors AND $.mobile.allowCrossDomainPages must be set to true. The $.mobile.allowCrossDomainPages option must set before any cross-domain request is made so we recommend wrapping this in a mobileinit handler:
So in PhoneGap apps that must "phone home" by loading assets off a remote server, both the $.support.cors AND $.mobile.allowCrossDomainPages must be set to true. The $.mobile.allowCrossDomainPages option must be set before any cross-domain request is made so we recommend wrapping this in a mobileinit handler:
$( document ).bind( "mobileinit", function() {
// Make your jQuery Mobile framework configuration changes here!
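Review bot: The replacement line for the "two key things" sentence still spells the product "Phone Gap", while every other line in this hunk writes "PhoneGap"; fix that in the same pass, since this commit is already a wording cleanup of that sentence. A second point on the "phone home" paragraph: it tells readers to set both $.support.cors and $.mobile.allowCrossDomainPages to true immediately after the paragraph explaining that the false default exists because of the location-hash XSS risk. Consider adding a sentence there that points to the PhoneGap White Listing section below, so readers who enable the option see how to restrict which servers the WebView may reach.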
@@ -52,9 +52,9 @@
PhoneGap White Listing
- PhoneGap 1.0 introduced the idea of white-listing servers that it's internal WebView is allowed to make cross-domain requests to. You can find info about it here on the PhoneGap wiki:
+ PhoneGap 1.0 introduced the idea of white-listing servers that its internal WebView is allowed to make cross-domain requests to. You can find info about it here on the PhoneGap wiki:
- However, not all platforms support this whitelisting feature so check the PhoneGap documentation for details. Older versions of PhoneGap prior to 1.0 defaulted to allowing cross-domain requests to any server.
+ However, not all platforms support this white-listing feature so check the PhoneGap documentation for details. Older versions of PhoneGap prior to 1.0 defaulted to allowing cross-domain requests to any server.
Still having issues?
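Review bot: The two changed lines settle on "white-listing", but the section heading in the context reads "White Listing" and the first hunk's replacement line uses "white list feature", so the page still carries three spellings of the same term; pick one and apply it to the heading and the earlier sentence as well. In the second changed line, "Older versions of PhoneGap prior to 1.0" is redundant ("Versions of PhoneGap prior to 1.0" says the same). That line also says not all platforms support the feature without saying what request policy applies on those platforms; given that the page asks readers to set $.mobile.allowCrossDomainPages to true, it would help to state that behaviour or link directly to the relevant PhoneGap documentation.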