Cordova 5.0.0 and later provides a plugin named cordova-plugin-whitelist. This plugin is added by default when you create a new Cordova app. The plugin lets you specify the location from which a page can load its dynamic resources, the locations it can communicate with, and the intents it can use.

If you create a custom SAP Fiori client, you can use the Cordova whitelist as an additional, complementary security measure to prevent unauthorized access to the plugin APIs.