Open patrik-skilling opened 3 months ago
I am guessing you also want to remove the Basic Auth string from the Uri before loading the WebView.
Or rewrite the allowedOrigin
to look at Location
or similar instead.
private void loadWebView() {
final boolean html5mode = this.config.isHTML5Mode();
// Start the local web server
JSInjector injector = getJSInjector();
if (WebViewFeature.isFeatureSupported(WebViewFeature.DOCUMENT_START_SCRIPT)) {
WebViewCompat.addDocumentStartJavaScript(webView, injector.getScriptString(), Collections.singleton(appUrl));
String allowedOrigin = appUrl;
Uri appUri = Uri.parse(appUrl);
if (appUri.getPath() != null) {
// Remove paths in uri
allowedOrigin = appUri.toString().replace(appUri.getPath(), "");
// Remove Basic Auth string (pseudo code)
allowedOrigin = appUri.toString().replace(appUri['Basic Auth'], "");
}
WebViewCompat.addDocumentStartJavaScript(webView, injector.getScriptString(), Collections.singleton(allowedOrigin));
injector = null;
}
Here is the code fix I made to solve it locally:
private void loadWebView() {
final boolean html5mode = this.config.isHTML5Mode();
// Start the local web server
JSInjector injector = getJSInjector();
if (WebViewFeature.isFeatureSupported(WebViewFeature.DOCUMENT_START_SCRIPT)) {
Uri appUri = Uri.parse(appUrl);
String scheme = appUri.getScheme() + "://";
String host = appUri.getHost();
String allowedOrigin = scheme + host;
WebViewCompat.addDocumentStartJavaScript(webView, injector.getScriptString(), Collections.singleton(allowedOrigin));
injector = null;
}
This issue has been labeled as type: bug
. This label is added to issues that that have been reproduced and are being tracked in our internal issue tracker.
Capacitor Version
Other API Details
No response
Platforms Affected
Current Behavior
When adding Basic Auth to server.url app crash and you get an stacktrace that says IllegalArgumentException: allowedOriginRules https://{BasicAuth}/{Domain} is invalid. I know this works well in Capacitor 5.0 with previous versions.
See screenshot
Expected Behavior
App should load when server url includes Basic Auth. If it's intended that Basic Auth will not be allowed please respond with reason for the change.
Project Reproduction
https://github.com/patrik-skilling/public-capacitor-6-basic-auth-demo
Additional Information
No response