SDK-113 Fix WebView CORS issue with self-hosted custom fonts #952
Conversation
sumeruchat
changed the title
| return this.endpoint; | ||
| } | ||
|
|
||
| String getWebAppBaseUrl() { |
There was a problem hiding this comment.
Minor: Lack of consistency, the method above has the visibility public and this doesn't. Is it intentional?
There was a problem hiding this comment.
good catch will also make it public for consistency
| public enum IterableDataRegion { | ||
| US("https://api.iterable.com/api/"), | ||
| EU("https://api.eu.iterable.com/api/"); | ||
| US("https://api.iterable.com/api/", "https://app.iterable.com"), |
There was a problem hiding this comment.
Doesn't make sense that they are hardcoding app.iterable.com as the webappbaseurl since iterable isn't serving the request. It local html that is getting rendered into the application.
We should change this to be configurable and set by the client so that they can use whatever they want. If we have it as iterable.com, if we were to change this in the future, it would break any clients tied to the domain.
| try { | ||
| IterableConfig config = getInstance().config; | ||
| if (config != null && config.dataRegion != null) { | ||
| return config.dataRegion.getWebAppBaseUrl(); |
There was a problem hiding this comment.
Have we tried testing with with other domains? Is it simply the existence of the url domain or a certain domain that they are expecting for CORS.
* InApp-Display-E2E: Deleting md files for integration Cleaning up further Added retry if button not found for reliabililty Using server campaign send in InApp Activity URL handler functionality tested Retry For sync now removed Two config initialization problem SDK-113 Fix WebView CORS issue with self-hosted custom fonts (#952) MOB-11639 Background Initialization (#946) [MOB-12181] - Prepare for 3.6.1 Committing just whats needed. Removing code [MOB-11844] - Support edge to edge to InApps updating the queries selection uncommenting the queries updating runs on to allow the workflow to progress Adding initial CodeQL workflow Adding initial CodeQL workflow
🐛 Problem
Wolt reported that their self-hosted custom fonts aren't rendering in Iterable in-app messages on Android. The same fonts work perfectly on iOS and Web, but Android users see fallback fonts instead of Wolt's branded typography.
🔍 Root Cause
The issue was in
IterableWebView.loadDataWithBaseURL()- it was passing an empty string as the baseURL parameter. This caused the WebView to useabout:blankas the origin instead of a proper web origin.When the HTML tried to load Wolt's custom fonts from
https://webfonts.wolt.com/, the browser's CORS policy blocked the requests because:https://app.eu.iterable.comabout:blankorigin✅ Solution
Added a configurable WebView base URL parameter that customers can set to match their CORS configuration:
setWebViewBaseUrl()inIterableConfig.BuilderIterableUtil.getWebViewBaseUrl()helper method🚀 Usage
For Wolt (fixes the CORS issue):
For existing customers (no change needed):