Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: App crash when adding Basic Auth to server.url in Capacitor 6.0 #7327

Open
1 of 3 tasks
patrik-skilling opened this issue Mar 9, 2024 · 2 comments
Open
1 of 3 tasks

[Bug]: App crash when adding Basic Auth to server.url in Capacitor 6.0 #7327

patrik-skilling opened this issue Mar 9, 2024 · 2 comments
Labels
triage

Comments

@patrik-skilling
Copy link

Capacitor Version

馃拪   Capacitor Doctor  馃拪 

Latest Dependencies:

  @capacitor/cli: 5.7.2
  @capacitor/core: 5.7.2
  @capacitor/android: 5.7.2
  @capacitor/ios: 5.7.2

Installed Dependencies:

  @capacitor/ios: 6.0.0-rc.0
  @capacitor/cli: 6.0.0-rc.0
  @capacitor/android: 6.0.0-rc.0
  @capacitor/core: 6.0.0-rc.0

[success] Android looking great! 馃憣

Other API Details

No response

Platforms Affected

  • iOS
  • Android
  • Web

Current Behavior

When adding Basic Auth to server.url app crash and you get an stacktrace that says IllegalArgumentException: allowedOriginRules https://{BasicAuth}/{Domain} is invalid. I know this works well in Capacitor 5.0 with previous versions.

See screenshot

stacktrace

Expected Behavior

App should load when server url includes Basic Auth. If it's intended that Basic Auth will not be allowed please respond with reason for the change.

Project Reproduction

https://github.com/patrik-skilling/public-capacitor-6-basic-auth-demo

Additional Information

No response
@patrik-skilling
Copy link
Author

patrik-skilling commented Mar 9, 2024
edited

I am guessing you also want to remove the Basic Auth string from the Uri before loading the WebView.
Or rewrite the allowedOrigin to look at Location or similar instead.

    private void loadWebView() {
        final boolean html5mode = this.config.isHTML5Mode();
        // Start the local web server
        JSInjector injector = getJSInjector();
        if (WebViewFeature.isFeatureSupported(WebViewFeature.DOCUMENT_START_SCRIPT)) {
            WebViewCompat.addDocumentStartJavaScript(webView, injector.getScriptString(), Collections.singleton(appUrl));
            String allowedOrigin = appUrl;
            Uri appUri = Uri.parse(appUrl);
            if (appUri.getPath() != null) {
                // Remove paths in uri
                allowedOrigin = appUri.toString().replace(appUri.getPath(), "");
                // Remove Basic Auth string (pseudo code)
                allowedOrigin = appUri.toString().replace(appUri['Basic Auth'], "");
            }
            WebViewCompat.addDocumentStartJavaScript(webView, injector.getScriptString(), Collections.singleton(allowedOrigin));
            injector = null;
        }

@patrik-skilling
Copy link
Author

Here is the code fix I made to solve it locally:

private void loadWebView() {
    final boolean html5mode = this.config.isHTML5Mode();

    // Start the local web server
    JSInjector injector = getJSInjector();
    if (WebViewFeature.isFeatureSupported(WebViewFeature.DOCUMENT_START_SCRIPT)) {
        Uri appUri = Uri.parse(appUrl);
        String scheme = appUri.getScheme() + "://";
        String host = appUri.getHost(); 
        String allowedOrigin = scheme + host;
        WebViewCompat.addDocumentStartJavaScript(webView, injector.getScriptString(), Collections.singleton(allowedOrigin));
        injector = null;
    }

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@patrik-skilling