You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Feb 20, 2023. It is now read-only.
As part of setIntentActivity in IntentReceiverActivity, we look for an EXTRA_AUTH_CUSTOM_TAB and EXTRA_SESSION extras as an indicator that we should launch AuthCustomTabActivity (as opposed to CustomTabActivity if just EXTRA_SESSION is present).
EXTRA_AUTH_CUSTOM_TAB extra isn't anything special, and can be set by any other external application, allowing a third-party app to get Fenix to display AuthCustomTabActivity. While we don't do anything particularly interesting in that activity (and there are OAuth safe-guards in place to ensure any authentication attempts are fully internal), it seems like a bad idea to expose that activity to the world like this.
grigoryk
changed the title
Suspect handling of EXTRA_AUTH_CUSTOM_TAB in IntentReceiverActivity
Improve handling of EXTRA_AUTH_CUSTOM_TAB in IntentReceiverActivity
Sep 11, 2019
5613: Fixes#5225 - Intent receiver cleanup r=rocketsroger a=NotWoods
### Pull Request checklist
<!-- Before submitting the PR, please address each item -->
- [x] **Quality**: This PR builds and passes detekt/ktlint checks (A pre-push hook is recommended)
- [ ] **Tests**: This PR includes thorough tests or an explanation of why it does not
- [ ] **Screenshots**: This PR includes screenshots or GIFs of the changes made or an explanation of why it does not
- [x] **Accessibility**: The code in this PR follows [accessibility best practices](https://github.com/mozilla-mobile/shared-docs/blob/master/android/accessibility_guide.md) or does not include any user facing features
### After merge
- [ ] **Milestone**: Make sure issues finished by this pull request are added to the [milestone](https://github.com/mozilla-mobile/fenix/milestones) of the version currently in development.
### To download an APK when reviewing a PR:
1. click on Show All Checks,
2. click Details next to "Taskcluster (pull_request)" after it appears and then finishes with a green checkmark,
3. click on the "Fenix - assemble" task, then click "Run Artifacts".
4. the APK links should be on the left side of the screen, named for each CPU architecture
Co-authored-by: Tiger Oakes <toakes@mozilla.com>
As part of
setIntentActivity
in IntentReceiverActivity, we look for anEXTRA_AUTH_CUSTOM_TAB
andEXTRA_SESSION
extras as an indicator that we should launchAuthCustomTabActivity
(as opposed toCustomTabActivity
if justEXTRA_SESSION
is present).EXTRA_AUTH_CUSTOM_TAB
extra isn't anything special, and can be set by any other external application, allowing a third-party app to get Fenix to displayAuthCustomTabActivity
. While we don't do anything particularly interesting in that activity (and there are OAuth safe-guards in place to ensure any authentication attempts are fully internal), it seems like a bad idea to expose that activity to the world like this.┆Issue is synchronized with this Jira Task
The text was updated successfully, but these errors were encountered: