No Bridge for Non-Fiori Content

No Bridge is a security enhancement that prevents access to all nonessential plugins in SAP Fiori Client if the WebView URL has a different host than the Fiori URL specified in the application settings.

The security enhancement is available with the following minimum releases:

  • iOS and Android: SAP Fiori Client 1.5 / custom SAP Fiori Client built with SDK 3.0 SP10

Prior to this security enhancement, it was possible for any page to be loaded by the WebView, and that page would then have access to the APIs provided by the plugins in SAP Fiori Client (such as Camera or Geolocation).

With the No Bridge security enhancement, if the page loaded in the WebView does not originate from the Fiori URL's host, the policy returns a null object instead of the plugin object. For example, an application in a third-party WebView that tries to access the plugin encounters an error instead.


Because No Bridge compares the host of the WebView URL with the host of the Fiori URL, SAP Fiori Client does not support shortened URLs.

The following mandatory plugins are always available, irrespective of the URL:

  • Logger: to ensure that debugging information is not lost.

  • Toolbar: to ensure that navigation buttons can be used. (Settings will not work.)

  • CoreAndroid

  • Whitelist: enabled so that whitelist checking is not disrupted.

  • Device: device functionality may be used as it does not contain any secure information.
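The host check and the mandatory-plugin exception described above can be modelled as follows. This is an added example, not SAP Fiori Client code: the function names, hosts, stub plugins and the choice to compare only the parsed host name are assumptions. It compares the host taken from a URL parser rather than matching a string prefix, so a shortened URL and lookalike hosts all receive null.

```javascript
// Illustrative model of the No Bridge policy; not SAP Fiori Client source code.
// Mandatory plugin names are taken from the list on this page.
const ALWAYS_AVAILABLE = new Set(["Logger", "Toolbar", "CoreAndroid", "Whitelist", "Device"]);

// Return the lowercased host name of a URL, or null if it cannot be parsed.
// Assumption: only the host name is compared; scheme, port and path are ignored.
function hostOf(url) {
  try {
    return new URL(url).hostname.toLowerCase();
  } catch (e) {
    return null;
  }
}

// True when the WebView URL has the same host as the configured Fiori URL.
function isFioriOrigin(fioriUrl, webViewUrl) {
  const expected = hostOf(fioriUrl);
  return expected !== null && expected === hostOf(webViewUrl);
}

// Return the plugin object, or null when the policy withholds it.
function resolvePlugin(plugins, name, fioriUrl, webViewUrl) {
  if (!Object.prototype.hasOwnProperty.call(plugins, name)) return null;
  if (ALWAYS_AVAILABLE.has(name)) return plugins[name];
  return isFioriOrigin(fioriUrl, webViewUrl) ? plugins[name] : null;
}

// Constructed sample data: hypothetical hosts and stub plugin objects.
const FIORI_URL = "https://fiori.example.com/launchpad";
const PLUGINS = { Camera: {}, Geolocation: {}, Logger: {} };

const SAMPLE_URLS = [
  "https://FIORI.example.com:443/app#Shell-home", // same host as the Fiori URL
  "https://short.example/abc123",                 // shortened URL, different host
  "https://fiori.example.com.other.example/",     // host only starts with the Fiori host
  "https://fiori.example.com@other.example/",     // Fiori host appears only as userinfo
];

// For each sample URL, report whether Camera and Logger are handed out.
function demo() {
  return SAMPLE_URLS.map((url) => ({
    url,
    camera: resolvePlugin(PLUGINS, "Camera", FIORI_URL, url) !== null,
    logger: resolvePlugin(PLUGINS, "Logger", FIORI_URL, url) !== null,
  }));
}

console.table(demo());
```

Application code that can end up on a non-Fiori host should test the plugin reference for null before calling it.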

If you build a custom SAP Fiori Client, you can use the Cordova whitelist plugin as an additional security measure. For more information, see Cordova Whitelist.