No Bridge is a security feature that prevents access to all nonessential plugins in SAP Fiori Client if the WebView URL has a different host than the Fiori URL specified in the application settings. You can permit additional domains to access the plugins by using the nobridgewhitelist configuration property.

The No Bridge security feature is available with the following minimum releases:

• iOS and Android: SAP Fiori Client 1.5 / custom SAP Fiori Client built with SDK 3.0 SP10

• Windows: SAP Fiori Client 1.6

Prior to this security enhancement, it was possible for any page to be loaded by the WebView, and that page would then have access to the APIs provided by the plugins in SAP Fiori Client (such as Camera or Geolocation).

With the No Bridge security enhancement, if the WebView does not originate from a Fiori URL, the policy returns a null object instead of the plugin object. So, for example, if an application in a third-party WebView tries to access the plugin, it encounters an error instead.

The following mandatory plugins are always available, irrespective of the URL:

• Logger: to ensure that debugging information is not lost.

• Toolbar: to ensure that navigation buttons can be used. (Settings will not work.)

• CoreAndroid

• Whitelist: enabled to not disturb any whitelist checking.

• Device: device functionality may be used as it does not contain any secure information.

<key>DisableNoBridge</key>
<true/>