Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(PluginManager): AllowBridgeAccess default policy to handle scheme & hostname #1332

Merged
merged 3 commits into from
Sep 7, 2021
Merged

fix(PluginManager): AllowBridgeAccess default policy to handle scheme & hostname #1332

merged 3 commits into from
Sep 7, 2021

Conversation

erisu
Copy link
Member

@erisu erisu commented Aug 31, 2021
edited
Loading

Motivation and Context

fixes: #1328
fixes: apache/cordova-plugin-device#118

Description

Update how the PluginManager handles the default policy.

  • If AndroidInsecureFileModeEnabled is true, then the default policy is file://
  • If AndroidInsecureFileModeEnabled is false, then the default policy is the combination of the scheme & hostname.
    • The default scheme is: https
    • The default hostname is: localhost
    • If the user changes any of these values, it will be used.

Testing

  • Creating Project
  • Adding Platform
  • Adding Device Plugin
  • Changing scheme to http
  • Changing hostname to apache.org
  • Setting AndroidInsecureFileModeEnabled to true

Additional Notes

I also tested a solution that added the fix to the AllowListPlugin class. fa5b228

This is where @NiklasMerz originally the code. The issue is that is was written in the config parser step. The config parser has not fully parse everything, e.g. the preferences, and therefore always picked the default values.

If we wanted to keep the login inside the AllowListPlugin file, we would have to move it to the pluginInitialize method, after the config parser has been completed.

The question really comes down to, where it should reside?

  • The PluginManager, is where the default policy is defined.
  • The AllowListPlugin is where we parse the user's custom-defined allow-navigation, allow-intent, access, and content.

IMO the PluginManager sounded better. Previously the default policy was file:// but since WebViewAssetLoader was added and default should now be https://localhost. But also, since users can change the launch URL to either file or default/custom scheme+hostname, it seems maybe the default policy should be a bit flexible.

Checklist

  • I've run the tests to see all new and existing tests pass

@codecov-commenter
Copy link

codecov-commenter commented Aug 31, 2021
edited
Loading

Codecov Report

Merging #1332 (ac36705) into master (dc4e065) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master    #1332   +/-   ##
=======================================
  Coverage   73.15%   73.15%           
=======================================
  Files          21       21           
  Lines        1643     1643           
=======================================
  Hits         1202     1202           
  Misses        441      441

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update dc4e065...ac36705. Read the comment docs.

NiklasMerz
NiklasMerz approved these changes Aug 31, 2021
View reviewed changes
Copy link
Member

@NiklasMerz NiklasMerz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code LGTM. I agree that this is a better place to set these settings.

I didn't like how this was implemented in the allow list plugin and config parser.

I did a quick test in my test project for apache/cordova-plugin-device#118 and this issues seems to be solved. Similar to #1328

@NiklasMerz NiklasMerz mentioned this pull request Aug 31, 2021
Closed
@erisu erisu merged commit 7a67e00 into apache:master Sep 7, 2021
@erisu erisu deleted the fix/allow-navigation-by-scheme branch September 7, 2021 10:52
@erisu erisu added this to the 10.1.1 milestone Sep 13, 2021
@jcesarmobile jcesarmobile mentioned this pull request Sep 14, 2021
Closed
3 tasks
wedgberto pushed a commit to wedgberto/cordova-android that referenced this pull request May 17, 2022
@erisu @wedgberto
fix(PluginManager): AllowBridgeAccess default policy to handle scheme…
491af91 
… & hostname (apache#1332)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jcesarmobile jcesarmobile jcesarmobile approved these changes

@NiklasMerz NiklasMerz NiklasMerz approved these changes

@dpogue dpogue Awaiting requested review from dpogue

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
10.1.1
4 participants
@erisu @codecov-commenter @jcesarmobile @NiklasMerz