Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(AllowListPlugin): Safely handle default allow navigation policy in allow request #1342

Merged
merged 1 commit into from Sep 9, 2021
Merged

fix(AllowListPlugin): Safely handle default allow navigation policy in allow request #1342

merged 1 commit into from Sep 9, 2021

Conversation

jskrepnek
Copy link
Contributor

@jskrepnek jskrepnek commented Sep 8, 2021
edited

Motivation and Context

fixes: #1322

Description

shouldAllowRequest will throw an exception for all URLS that are not in the navigation allowed list. This change safely tests the result of shouldAllowNavigation, avoiding the exception and allowing for the execution to continue to see if the URL is in the request allowed list.

Testing

Incorporating this change into our project successfully allows expected network requests that previously were allowed with the whitelist plugin.

Checklist

  • I've run the tests to see all new and existing tests pass
  • If this Pull Request resolves an issue, I linked to the issue in the text above (and used the correct keyword to close issues using keywords)

@jskrepnek
Copy link
Contributor Author

@erisu I'm a bit confused as to why shouldAllowRequest calls shouldAllowNavigation in the first place.

My basic expectation is that shouldAllowNavigation would map to allow-navigation tags and shouldAllowRequest would map to access tags.

Haven't looked deeply, just wanted to confirm it was intended and curious why.

@erisu
Copy link
Member

erisu commented Sep 9, 2021

I would have to take a look at the code to try and figure it out myself.

I didnt write the original code. All I did was integrate the whitelist plugin as a core feature of the Cordova Android platform and renamed it to AllowList.

@jskrepnek
Copy link
Contributor Author

I would have to take a look at the code to try and figure it out myself.

I didnt write the original code. All I did was integrate the whitelist plugin as a core feature of the Cordova Android platform and renamed it to AllowList.

Ah, okay. It looks like a bit of refactoring led to the bug. This is the original code:

    @Override
    public Boolean shouldAllowRequest(String url) {
        if (Boolean.TRUE == shouldAllowNavigation(url)) {
            return true;
        }
        if (allowedRequests.isUrlWhiteListed(url)) {
            return true;
        }
        return null; // Default policy
    }

@erisu
Copy link
Member

erisu commented Sep 9, 2021

Ah yes, nice catch.

That refactoing bug would probally have been my fault :D Sorry

Changes looks correct.

@erisu erisu merged commit aea6b7f into apache:master Sep 9, 2021
@erisu erisu added this to the 10.1.1 milestone Sep 13, 2021
wedgberto pushed a commit to wedgberto/cordova-android that referenced this pull request May 17, 2022
@jskrepnek @wedgberto
fix(AllowListPlugin): Safely handle default allow navigation policy i…
46d2c69 
…n allow request (apache#1342)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@erisu erisu erisu approved these changes

@breautek breautek breautek approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
10.1.1
Development

Successfully merging this pull request may close these issues.

The AllowList plugin may throw a NullPointerException in some case
3 participants
@jskrepnek @erisu @breautek