Properly handle custom URL schemes?

[lougreenwood]

It seems that custom URL schemes are not correctly handled, at least on Android.

For example, this plugin (https://github.com/EddyVerbruggen/Custom-URL-scheme) suggests that users use a forked version of the in app browser to handle these custom URL schemes (
https://github.com/Innovation-District/cordova-plugin-inappbrowser).

The problem is that an in-app-browser & custom URL scheme setup is particularly useful for OAuth authentications in Cordova apps. So trusting some random fork of the In App Browser plugin for these security sensitive use cases seems like a bad idea.

From looking at the source code for In App Browser, it seems that it additionally rejects custom URL schemes and attempts to re-write them, seemingly making intercepting the custom url scheme page loads with the 'loadstart' event not possible: http://git.lunargravity.be/project/Dag-secret-calculator/blob/3587c7a66a932c7de7183776880a55b4047eeb78/plugins/cordova-plugin-inappbrowser/src/android/InAppBrowser.java#L872

To be clear, this only appears to be an issue on android - for whatever reason iOS is perfectly happy loading custom URL schemes from the In App Browser.

[dd09012]

We have come across exactly the same problem and don't know how we should proceed now.

If this is a feature, then why doesn't inappbrowser on ios have the same 'logic'.
If it is a bug, then why hasn't it been fixed yet.

Any suggestions on how to handle an oauth (in our case auth0) callback to an android app are greatly appreciated.

[janpio]

Feel free to investigate this further @dd09012 - Cordova committers are volunteers working on this in their free time, and this doesn't seem to have been anyone's priority.

Suggestion 1: Create a new app with cordova create, implement the absolute minimum to be able to reproduce this feature/bug (e.g. "loadstart worsk with normal URLs, but not with custom URLs"), put it on GitHub and then post the URL to the repository here - this will make it much easier for someone to jump in.

After a contributor looked at this project and confirmed this as a bug, this issue will get the appropriate tag and it will be able to be fixed by someone looking for something to work on.

---

@lougreenwood

http://git.lunargravity.be/project/Dag-secret-calculator/blob/3587c7a66a932c7de7183776880a55b4047eeb78/plugins/cordova-plugin-inappbrowser/src/android/InAppBrowser.java#L872

No idea what codebase this links to, the current place of this code is at

cordova-plugin-inappbrowser/src/android/InAppBrowser.java

Lines 1245 to 1251 in 0fd43ae

	else
	{
	// Assume that everything is HTTP at this point, because if we don't specify,
	// it really should be. Complain loudly about this!!!
	LOG.e(LOG_TAG, "Possible Uncaught/Unknown URI");
	newloc = "http://" + url;
	}

seemingly making intercepting the custom url scheme page loads with the 'loadstart' event not possible

Is this speculation or have you tried this and it didn't work because of this code?

[jim0020]

What's the status of this PR? I can confirm that the loadstart event callback receives my custom url in the event.url field, but an 'http://' is prepended like http://MyCustomUrlScheme://authorized?code=ABCDEFG

Also the customscheme event is never called, probably because the custom url scheme isn't recognized due to the prepended 'http://'.

Again, this is only on Android. iOS works fine.

[coolvasanth]

Even I'm facing the similar problem ? Have you found any solution for same ?

[raskri]

Still an issue for me and my project :( has anyone solved this issue?