Closed martin-braun closed 2 months ago
I have tested my above work around on an Android 7 POS device and this causes a crash of the app:
java.lang.RuntimeException: Unable to start activity ComponentInfo{..../.....MainActivity}: java.lang.IllegalArgumentException: allowedOriginRules https://192.168.77.166 is invalid
It seems older Android WebView's were more sensitive about allowOriginRules and didn't just ignore invalid rules.
Another reason why I think Capacitor isn't explicit enough about those allowOriginRules. The configuration should allow me to tell that my entry is http, instead of https and prevent those prefixes from being part of the URL set:
Look at this breakpoint when the stuff is passed to the WebView within the bridge (192.168.77.166
in this example). If Capacitor would allow me to tell what's https and whats not.
I hate this black box magic. All I want is testing my Capacitor app with a locally hosted website, I wish this was actually tested.
closing as duplicate of https://github.com/ionic-team/capacitor/issues/7454
@jcesarmobile Please re-open. It is NOT a duplicate of #7454 and I have fixed #7454 in #7571, but the issue I am talking about here is still present despite fixing #7454.
My devices return false
on WebViewFeature.isFeatureSupported(WebViewFeature.DOCUMENT_START_SCRIPT)
, thus they don't leverage the WebViewCompat.addDocumentStartJavaScript
method what #7454 is all about, instead it keeps the jsInjector and passes it to the constructor of WebViewLocalServer
to fall back to the old way of injecting code. The issue you claim to be a duplicate isn't even an issue on my older devices.
This issue here is about the fact that you rice all allowNavigation
with a https://
prefix before passing it to WebViewCompat.addWebMessageListener
which consequently breaks all apps that try to work with http-addresses such as local network addresses. We need more control over this in the configuration.
@jcesarmobile @mlynch Sorry for pinging (again), but I have to ask, is this a bad joke or common practice? Yes, I'm afraid I'm starting to get a bit salty right now, because it feels like my research and contribution regarding this (and the other issue) is not appreciated.
Let's try to keep it professional. Why is my above comment marked "abuse" and why is it being ignored? I have detailed why this issue is different from the issue that is marked as duplicate.
When I had to deal with these issues mentioned here and there, I took time out of my day to make a PR and report the ultimate issue that caused things to malfunction for me (this one). In my opinion it was triaged the wrong way and is not addressed now anymore.
Why do I try to give something back by being transparent about the issues I'm facing again? Should I just monkey patch and let the framework speak for itself?
Sorry, I'm just disappointed.
Thanks for the issue! This issue is being locked to prevent comments that are not relevant to the original issue. If this is still an issue with the latest version of Capacitor, please create a new issue and ensure the template is fully filled out.
Capacitor Version
Capacitor Doctor 💊
Latest Dependencies:
@capacitor/cli: 6.1.1 @capacitor/core: 6.1.1 @capacitor/android: 6.1.1 @capacitor/ios: 6.1.1
Installed Dependencies:
@capacitor/ios: not installed @capacitor/core: 6.1.1 @capacitor/android: 6.1.1 @capacitor/cli: 6.1.1
[success] Android looking great! 👌
Other API Details
Platforms Affected
Current Behavior
When your app loads a website on the local network, such as
http://192.168.77.166:8080
this will open a new browser untilallowNavigation
is supplied with192.168.77.166
in the Capacitor configuration. When using the legacy bridgeuseLegacyBridge: true
theMessageHandler
would usewebView.addJavascriptInterface
to inject thewindow.androidBridge
object into the remote website, so that the platform is recognized asandroid
and the remote website would be able to communicate with the native plugins of Capactor, see:https://github.com/ionic-team/capacitor/blob/e0f299daaa112fa3bcea81ae539983756f1f7304/android/capacitor/src/main/java/com/getcapacitor/MessageHandler.java#L41
If the
useLegacyBridge: false
(default behavior), theMessageHandler
will attempt to useWebViewCompat.addWebMessageListener
to inject theandroidBridge
object:https://github.com/ionic-team/capacitor/blob/e0f299daaa112fa3bcea81ae539983756f1f7304/android/capacitor/src/main/java/com/getcapacitor/MessageHandler.java#L36
This however isn't working if the target website has
http://
instead ofhttps://
scheme, thusandroidBridge
is null after navigating to unsafe remote websites.WebViewCompat.addWebMessageListener
explicitly states:So, Capacitor requires
allowNavigation
to be a list of domains without scheme, such asexample.org
and you then makebridge.getAllowedOriginRules()
return an array of such list with the proper scheme, which ishttps://
always. This is the wrong behavior on local websites that don't use SSL for obvious reasons.useLegacyBridge: false
or changing the code to prefixhttp://
instead, native plugins will still not work, until the domain is specified with a port another time within theallowNavigation
list. Otherwise the pattern matching will fail and, despite theandroidBridge
not beingnull
, won't have an implementation for the platform and report so.I was able to bypass both issues by having this in my configuration:
Now
window.androidBridge
is not null on the network website and my native plugins work.Expected Behavior
We need a better way here. This was confusing, wasted a lot of time, is not documented. Providing
http://192.168.0.80:8080
should be enough to satisfy all rules. I was going crazy testing this. There is no documentation explaining this.Project Reproduction
Additional Information
I cannot share my private project, you should be able to reproduce with:
Use your own network IP and host a little web server on
0.0.0.0:8080
to see how it's not working, until you add all theallowNavigation
entries.