Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(iOS) Reinstate verification of main navigation in case of navigationType other #1023

Merged
merged 1 commit into from
Nov 25, 2020
Merged

(iOS) Reinstate verification of main navigation in case of navigationType other #1023

merged 1 commit into from
Nov 25, 2020

Conversation

terje
Copy link
Contributor

@terje terje commented Nov 11, 2020
edited
Loading

Platforms affected

Cordova iOS

Motivation and Context

The PR that dropped UIWebView in favour of WKWebView (#773) introduced a bug that makes it so that iframe loads potentially jump out of the app and to Safari.

The current behavior is a problem for instance with Google Tag Manager. GTM might insert an iframe on the page with a source of https://adservice.google.com, or indeed any other country Google domain, depending on where the user is. This request would be sent out from the app and to Safari with the current implementation. Since the country domain might vary, it is impossible to approve this navigation in the <allow-navigation /> list in order to keep it within the app.

Description

This PR reinstates a verification that if the navigation type is other (for instance an iframe) we verify that the navigation is actually happening in the main URL bar and not in an iframe before allowing the URL to be forwarded out of the app.

Testing

I have made this change in my own app and verified that the behavior is the same as with Cordova iOS 5, before this change was introduced in Cordova iOS 6.

This issue seems very similar: #988

I have not added tests for this change. This plugin has no tests covering it today.

Checklist

  • I've run the tests to see all new and existing tests pass
  • I added automated test coverage as appropriate for this change
  • Commit is prefixed with (platform) if this change only applies to one platform (e.g. (android))
  • If this Pull Request resolves an issue, I linked to the issue in the text above (and used the correct keyword to close issues using keywords)
  • I've updated the documentation if necessary

@terje terje marked this pull request as ready for review November 11, 2020 09:45
@codecov-io
Copy link

codecov-io commented Nov 11, 2020
edited
Loading

Codecov Report

❗ No coverage uploaded for pull request base (master@e92f653). Click here to learn what that means.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff            @@
##             master    #1023   +/-   ##
=========================================
  Coverage          ?   74.91%           
=========================================
  Files             ?       13           
  Lines             ?     1718           
  Branches          ?        0           
=========================================
  Hits              ?     1287           
  Misses            ?      431           
  Partials          ?        0
Impacted Files Coverage Δ
bin/templates/scripts/cordova/lib/PodsJson.js 95.04% <0.00%> (ø)
bin/templates/scripts/cordova/Api.js 71.53% <0.00%> (ø)
bin/templates/scripts/cordova/lib/prepare.js 85.00% <0.00%> (ø)
bin/templates/scripts/cordova/lib/check_reqs.js 46.93% <0.00%> (ø)
...emplates/scripts/cordova/lib/listEmulatorImages.js 100.00% <0.00%> (ø)
...ates/scripts/cordova/lib/plugman/pluginHandlers.js 90.05% <0.00%> (ø)
bin/templates/scripts/cordova/lib/Podfile.js 73.20% <0.00%> (ø)
bin/templates/scripts/cordova/lib/versions.js 100.00% <0.00%> (ø)
bin/templates/scripts/cordova/lib/listDevices.js 100.00% <0.00%> (ø)
bin/templates/scripts/cordova/lib/build.js 51.87% <0.00%> (ø)
... and 3 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e92f653...7dd26bf. Read the comment docs.

@amjadyahya1 amjadyahya1 mentioned this pull request Nov 19, 2020
Closed
@dpogue dpogue added this to the 6.1.2 milestone Nov 25, 2020
@dpogue dpogue merged commit 8d7845a into apache:master Nov 25, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dpogue dpogue dpogue approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
6.2.0
Development

Successfully merging this pull request may close these issues.
3 participants
@terje @codecov-io @dpogue