You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by er...@apache.org on 2021/09/07 10:52:31 UTC
[cordova-android] branch master updated: fix(PluginManager):
AllowBridgeAccess default policy to handle scheme & hostname (#1332)
This is an automated email from the ASF dual-hosted git repository.
erisu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cordova-android.git
The following commit(s) were added to refs/heads/master by this push:
new 7a67e00 fix(PluginManager): AllowBridgeAccess default policy to handle scheme & hostname (#1332)
7a67e00 is described below
commit 7a67e00b9fefeece582b0b68a8cbc1c4ab6d2ea8
Author: エリス <er...@users.noreply.github.com>
AuthorDate: Tue Sep 7 19:52:23 2021 +0900
fix(PluginManager): AllowBridgeAccess default policy to handle scheme & hostname (#1332)
---
.../src/org/apache/cordova/AllowListPlugin.java | 5 -----
.../src/org/apache/cordova/PluginManager.java | 26 +++++++++++++++++++++-
2 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/framework/src/org/apache/cordova/AllowListPlugin.java b/framework/src/org/apache/cordova/AllowListPlugin.java
index 3333180..328a9b8 100644
--- a/framework/src/org/apache/cordova/AllowListPlugin.java
+++ b/framework/src/org/apache/cordova/AllowListPlugin.java
@@ -82,11 +82,6 @@ public class AllowListPlugin extends CordovaPlugin {
if (strNode.equals("content")) {
String startPage = xml.getAttributeValue(null, "src");
allowedNavigations.addAllowListEntry(startPage, false);
-
- // Allow origin for WebViewAssetLoader
- if (!this.prefs.getBoolean("AndroidInsecureFileModeEnabled", false)) {
- allowedNavigations.addAllowListEntry("https://" + this.prefs.getString("hostname", "localhost"), false);
- }
} else if (strNode.equals("allow-navigation")) {
String origin = xml.getAttributeValue(null, "href");
if ("*".equals(origin)) {
diff --git a/framework/src/org/apache/cordova/PluginManager.java b/framework/src/org/apache/cordova/PluginManager.java
index 3728879..4df978f 100755
--- a/framework/src/org/apache/cordova/PluginManager.java
+++ b/framework/src/org/apache/cordova/PluginManager.java
@@ -41,6 +41,12 @@ import android.os.Build;
*/
public class PluginManager {
private static String TAG = "PluginManager";
+
+ // @todo same as ConfigXmlParser. Research centralizing ideas, maybe create CordovaConstants
+ private static String SCHEME_HTTPS = "https";
+ // @todo same as ConfigXmlParser. Research centralizing ideas, maybe create CordovaConstants
+ private static String DEFAULT_HOSTNAME = "localhost";
+
private static final int SLOW_EXEC_WARNING_THRESHOLD = Debug.isDebuggerConnected() ? 60 : 16;
// List of service entries
@@ -367,6 +373,24 @@ public class PluginManager {
}
/**
+ * @todo should we move this somewhere public and accessible by all plugins?
+ * For now, it is placed where it is used and kept private so we can decide later and move without causing a breaking change.
+ * An ideal location might be in the "ConfigXmlParser" at the time it generates the "launchUrl".
+ *
+ * @todo should we be restrictive on the "file://" return? e.g. "file:///android_asset/www/"
+ * Would be considered as a breaking change if we apply a more granular check.
+ */
+ private String getLaunchUrlPrefix() {
+ if (!app.getPreferences().getBoolean("AndroidInsecureFileModeEnabled", false)) {
+ String scheme = app.getPreferences().getString("scheme", SCHEME_HTTPS).toLowerCase();
+ String hostname = app.getPreferences().getString("hostname", DEFAULT_HOSTNAME);
+ return scheme + "://" + hostname + '/';
+ }
+
+ return "file://";
+ }
+
+ /**
* Called when the webview is going to request an external resource.
*
* This delegates to the installed plugins, and returns true/false for the
@@ -452,7 +476,7 @@ public class PluginManager {
}
// Default policy:
- return url.startsWith("file://");
+ return url.startsWith(getLaunchUrlPrefix());
}
/**
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org