All api's are available to embedded content, regardless of config.xml
App is a local index.html with app api's whitelisted, embedded iframe
with no api's allowed (think of an rss reader app)
The embedded content has access to any api the app has.
@kwallis - fill in the details on what you want the behavior to be for remote url vs. local url
different domains is a better question.
Here is the problem, there is no way to find out from that if a NetworkResourceRequest came from an iFrame or original page. So I will be opening a PR.
Changes a webview's requests to use the referrer from the
NetworkResourceRequestedEvent instead of originalLocation.
Reviewed By: Jeffrey Heifetz <firstname.lastname@example.org>
Tested By: Igor Shneur <email@example.com>