fix: separate local storage between WebView processes#54
fix: separate local storage between WebView processes#54
Conversation
ItsChaceD
requested review from
a team,
OS-ruimoreiramendes,
alexgerardojacinto,
andredestro,
capacitor-bot,
markemer and
theproducer
and removed request for
a team
|
Also @ItsChaceD FYI one of the tests is broken with your PR, it passes in
It's hard to tell on the CI logs because of SonarCloud integration is broken. We should take a look at SonarCloud soon, it's been broken for too long now... |
OS-pedrogustavobilro
left a comment
OS-pedrogustavobilro
left a comment
There was a problem hiding this comment.
Overall checked the code and tested and LGTM.
We'll still need to address #54 (comment) in the coming days, but yeah I'll re-review if changes are made because of that.
| @SerializedName("pauseMedia") val pauseMedia: Boolean = true, | ||
| @SerializedName("customUserAgent") val customUserAgent: String? = null | ||
| @SerializedName("customUserAgent") val customUserAgent: String? = null, | ||
| @SerializedName("isIsolated") val isIsolated: Boolean = true |
There was a problem hiding this comment.
Just to confirm here: By default the plugin will set "isIsolated" to true, meaning this will be a breaking change in the plugin as discussed some time ago?
The reason why we are using default of true is because there are potential security concerns implicated? Because otherwise if we think there aren't security concerns, we can leave it at false to maintain backwards compatibility.
| if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) { | ||
| try { | ||
| val processName = Application.getProcessName() | ||
| if (processName.endsWith(":OSInAppBrowser")) { | ||
| WebView.setDataDirectorySuffix("OSInAppBrowser") | ||
| } | ||
| } catch (e: Exception) { | ||
| Log.d(LOG_TAG, "Suffix already set or error: ${e.message}") | ||
| } | ||
| } |
There was a problem hiding this comment.
What happens on versions below Android 9 (not applicable to OutSystems, applicable to Capacitor)?
3 participants
Description
This PR implements localStorage isolation on Android API 28+ via setDataDirectorySuffix, bringing it into alignment with iOS behavior.
Due to Android system limitations, isolation can only be achieved by running the WebView in a separate
:OSInAppBrowserprocess with a dedicated data directory suffix. This requires events to be propagated between the processes via broadcast receivers. To avoid a breaking change, we keep the class signatures the same and add a custom@RequiresEventBridgeRegistrationannotation to proactively warn native library users of the new registration requirement.Context
https://outsystemsrd.atlassian.net/browse/RMET-4918?atlOrigin=eyJpIjoiOWI4NWVmMDIwZDhhNDRmMGJhMTljMWFlNTQxYmFkZjIiLCJwIjoiaiJ9
Type of changes
Platforms affected