Explanation of the Juxtaposition whitelist (X-Nintendo-WhiteList)

How does the Juxtaposition whitelist work?

I know that it is configured in juxtaposition-ui with config.whitelist and sent as the header X-Nintendo-WhiteList. Here’s a portion of the value that’s sent from the official server:


What is this header’s purpose, and what is the syntax of this strange comma-and-pipe separated list with numbers?

Some WebKit apps like the eShop, Miiverse, etc. only allow certain domains to load content in the web view. This header is how you tell the app which domains can load content.

The exact structure isn’t 100% known, but it always starts with the number 1 followed by domain entries separated by pipe characters

The structure of the domain entry is always:

  • scheme
  • domain
  • always null
  • some number (observed values are 1, 2 and 6)

The number has an unknown purpose. It may be some sort of flag determining what kind of content can be loaded? We aren’t sure, but using 2 seems to work for everything so it’s what we use. Trying to use 1 will cause domains to fail at times, and the only time 6 has ever been observed is some Ubisoft CDN for the eShop