Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

opens in browser when originWhitelist contains a path #1133

Closed
giregk opened this issue Jan 10, 2020 · 5 comments
Closed

opens in browser when originWhitelist contains a path #1133

giregk opened this issue Jan 10, 2020 · 5 comments
Labels
Stale Type: bug report

Comments

@giregk
Copy link

giregk commented Jan 10, 2020

Bug description:
If you specify originWhitelist={['https://domain.com/']}, the link opens in the browser instead of inside the app.

If you remove the trailing '/', it works fine.
(My use case is to specify an originWhitelist equal to source.uri so users can't navigate outside the domain of the link.)

To Reproduce:
on iOS (not tested on android)

<WebView
  source={{uri: 'https://exemple.com/index.html}}
  originWhitelist={['https://exemple.com/index.html']}
>...

Expected behavior:
The link should open in the app (as a webview) instead of opening the navigator and the domain user should be unable to navigate outside the domain.

Screenshots/Videos:
N/A

Environment:

  • OS: iOS
  • OS version: 13.3
  • react-native version: 0.59
  • react-native-webview version: 8.02
@thormengkheang
Copy link

I got the same problem too. It opens the browser to this link https://staticxx.facebook.com/connect/xd_arbiter.php?version=45#
url="https://l192.mediaload.co"
originWhitelist={['https://*.l192.com', 'https://*.mediaload.co']}

@theUNnicked
Copy link

I have the same problem. The behavior I want to achieve is only allowing to render a specific page. Redirecting to any other page on the same domain should open it in the browser.

I know that the documentation about originWhitelist states that: The strings allow wildcards and get matched against just the origin (not the full URL). But is there an actual reason why full urls cannot be whitelisted?

@github-actions
Copy link

Hello 👋, this issue has been opened for more than 2 months with no activity on it. If the issue is still here, please keep in mind that we need community support and help to fix it! Just comment something like still searching for solutions and if you found one, please open a pull request! You have 7 days until this gets closed automatically

@github-actions github-actions bot added the Stale label Mar 24, 2020
@princefishthrower
Copy link

I can confirm this is reproducible in version 11.13.0

But I need it to parse special intent links...

@jeromecovington
Copy link

jeromecovington commented Dec 19, 2022
edited

I would like the ability to only load a specific matched path on the whitelisted origin into the WebView, but have links that are tapped in the loaded document (which do match the whitelisted origin but not the whitelisted path), be opened in the browser.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Stale Type: bug report
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@jeromecovington @thormengkheang @princefishthrower @theUNnicked @giregk