fix: accept file cookies only if AndroidInsecureFileModeEnabled (#1449)

apache · Jun 29, 2022 · 2d2ad4c · 2d2ad4c
1 parent 26b2121
commit 2d2ad4c
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/framework/src/org/apache/cordova/engine/SystemCookieManager.java b/framework/src/org/apache/cordova/engine/SystemCookieManager.java
@@ -19,8 +19,6 @@ Licensed to the Apache Software Foundation (ASF) under one
 
 package org.apache.cordova.engine;
 
-import android.annotation.TargetApi;
-import android.os.Build;
 import android.webkit.CookieManager;
 import android.webkit.WebView;
 
@@ -35,10 +33,14 @@ public SystemCookieManager(WebView webview) {
         webView = webview;
         cookieManager = CookieManager.getInstance();
 
-        cookieManager.setAcceptFileSchemeCookies(true);
         cookieManager.setAcceptThirdPartyCookies(webView, true);
     }
 
+    @SuppressWarnings("deprecation")
+    public void setAcceptFileSchemeCookies() {
+        cookieManager.setAcceptFileSchemeCookies(true);
+    }
+
     public void setCookiesEnabled(boolean accept) {
         cookieManager.setAcceptCookie(accept);
     }

diff --git a/framework/src/org/apache/cordova/engine/SystemWebViewEngine.java b/framework/src/org/apache/cordova/engine/SystemWebViewEngine.java
@@ -165,6 +165,7 @@ private void initWebViewSettings() {
             LOG.d(TAG, "Enabled insecure file access");
             settings.setAllowFileAccess(true);
             settings.setAllowUniversalAccessFromFileURLs(true);
+            cookieManager.setAcceptFileSchemeCookies();
         }
 
         settings.setMediaPlaybackRequiresUserGesture(false);