remotestorage / remotestorage.js

⬡ JavaScript client library for integrating remoteStorage in apps
https://remotestoragejs.readthedocs.io
MIT License

Hiding Url bar in InAppBrowser plugin of cordova does not work for higher versions #1246

Closed Samita907 closed 3 years ago

Samita907 commented 3 years ago

Hi, I am using cordova-plugin-inappbrowser for calling a webapp.

Hiding the location bar is not working with plugin versions above 2.0.2 (like versions 4.0.0 or 5.0.0). With version 2.0.2 of the plugin, hiding the location bar with the attribute (url, '_blank', 'location=no') is working. Can anyone please suggest how to hide the URL bar with versions above 2.0.2, or is there any other alternative to InAppBrowser to open a webapp?

raucao commented 3 years ago

Hi @Samita907,

The location bar is set to be shown intentionally in the source code of the library:

https://github.com/remotestorage/remotestorage.js/blob/553d11e63e7afb7655d320e7f91e017965551a78/src/authorize.ts#L102

It is an important security feature to prevent phishing attacks, where a malicious app could show you a page that looks like a real remoteStorage provider, but actually steals your credentials, and thus can potentially gain access to all of your stored private data.

This answer doesn't help with specific Cordova plugin changes between versions, of course. But even if you do succeed with hiding the location bar for the OAuth dialog, please don't do it for the stated reason. Thanks!

Samita907 commented 3 years ago

Hi @raucao, our requirement is like using an external web as an app using InAppBrowser without the URL bar. Thank you for the reply, we will think about the security aspects you have mentioned.

raucao commented 3 years ago

Aha. That's still OK, as long as the OAuth dialog will show the location, which should be the case when using remoteStorage.js in Cordova. You may want to ask the plugin developers about this issue.
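
The distinction drawn in this thread (hiding the bar for the app's own web content is fine, the OAuth dialog must show its location) can be enforced per URL. The following is an added example, not code from this thread or from remoteStorage.js; `APP_ORIGINS`, `featuresFor` and `openInApp` are hypothetical names, the origin is a constructed sample value, and the wrapper assumes cordova-plugin-inappbrowser is installed.

```javascript
// Added example; APP_ORIGINS, featuresFor and openInApp are hypothetical names.
// Origins of the app's own web content, where hiding the bar is acceptable.
const APP_ORIGINS = new Set(['https://app.example.com']); // constructed sample value

// Return the InAppBrowser options string for a target URL.
// Only an exact HTTPS origin match may hide the location bar; everything else,
// including a storage provider's OAuth dialog, keeps it visible.
function featuresFor(targetUrl, appOrigins = APP_ORIGINS) {
  let parsed;
  try {
    parsed = new URL(targetUrl);
  } catch (e) {
    return 'location=yes'; // unparseable input: fail towards showing the URL
  }
  const ownContent = parsed.protocol === 'https:' && appOrigins.has(parsed.origin);
  return ownContent ? 'location=no' : 'location=yes';
}

// Wrapper around the plugin call discussed in this thread.
function openInApp(targetUrl) {
  const features = featuresFor(targetUrl);
  const ref = cordova.InAppBrowser.open(targetUrl, '_blank', features);
  if (features === 'location=no') {
    // A window opened without the bar can still navigate or be redirected to
    // another origin. Re-check every navigation and reopen it with the bar shown.
    ref.addEventListener('loadstart', (event) => {
      if (featuresFor(event.url) === 'location=yes') {
        ref.close();
        cordova.InAppBrowser.open(event.url, '_blank', 'location=yes');
      }
    });
  }
  return ref;
}
```

Comparing the parsed origin rather than matching on the URL string keeps lookalike inputs, such as the app's hostname placed in the userinfo part or used as a subdomain prefix of another host, on the visible-bar path.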