SAP Fiori Client Guide

No Bridge for Non-Fiori Content

No Bridge is a security feature that prevents access to all nonessential plugins in SAP Fiori Client if the WebView URL has a different host than the Fiori URL specified in the application settings. You can permit additional domains to access the plugins by using the nobridgewhitelist configuration property.

The No Bridge security feature is available with the following minimum releases:

  • iOS and Android: SAP Fiori Client 1.5 / custom SAP Fiori Client built with SDK 3.0 SP10

  • Windows: SAP Fiori Client 1.6

Prior to this security enhancement, it was possible for any page to be loaded by the WebView, and that page would then have access to the APIs provided by the plugins in SAP Fiori Client (such as Camera or Geolocation).

With the No Bridge security enhancement, if the WebView does not originate from a Fiori URL, the policy returns a null object instead of the plugin object. So, for example, if an application in a third-party WebView tries to access the plugin, it encounters an error instead.

The following mandatory plugins are always available, irrespective of the URL:

  • Logger: to ensure that debugging information is not lost.

  • Toolbar: to ensure that navigation buttons can be used. (Settings will not work.)

  • CoreAndroid

  • Whitelist: enabled to not disturb any whitelist checking.

  • Device: device functionality may be used as it does not contain any secure information.

No Bridge Whitelist

By using the nobridgewhitelist configuration property, you can whitelist additional domains that can access the plugins provided by SAP Fiori Client, or disable the No Bridge feature entirely.

This property can be configured for SAP Fiori Client 1.7 or later, or for a custom SAP Fiori client built with SAP Mobile Platform 3.0 SDK SP12 or later.

For more information on how to define the whitelist, see Configuration Properties and Configuring SAP Fiori Client Using URL Query Parameters.

Temporarily Disabling No Bridge for iOS Client

If you build a custom SAP Fiori client for iOS, you can temporarily disable the No Bridge function by updating the <project>-Info.plist file with the following item: