<access origin="string" subdomains=["true" | "false"] />
The <access> element specifies that a BlackBerry WebWorks app can access external network resources. By default, if you do not specify an <access> element, an app has access to local resources only, which includes all resources packaged in the apps .bar file.
If you specify more than one <access> element, the most specific definition is used. For example, if you use http://somedomain.com and http://specific.somedomain.com, the <access> element that uses the first definition (and any features defined under it) is ignored.
As a best practice, you should protect your communication channel by using HTTPS when you expose sensitive APIs to the domain. For information about best practices on securing your app, see Accessing external resources.
Zero or more.
You can define the following attributes for this element:
Optional. The origin attribute defines the web address for the access request.
You can specify a wildcard (*) for the origin attribute to whitelist any domain, but only for domains that do not access content through XMLHttpRequest. If the domain accesses data through XMLHttpRequest, you must explicitly specify the domain for the origin attribute.
|uri||Deprecated. The uri attribute defines the web address for the access request. This attribute is only supported for backwards compatability. Going forward, you should use the origin attribute.|
Optional. The subdomains attribute is a Boolean value that specifies whether the host component in the access request applies to subdomains of the domain that is specified in the origin attribute.
By default, if you do not specify the value of the subdomains attribute, the value is set to false and no access to subdomains is requested.
The following example shows how to whitelist an external resource, in this case, the domain somedomain, as well as any subdomains.
<access origin="https://somedomain.com" subdomains="true"/>
Last modified: 2015-04-16