fix: accept file cookies only if AndroidInsecureFileModeEnabled (#1449)

jcesarmobile · web-flow · commit 2d2ad4cb81c9 · 2022-06-29T11:36:55.000+09:00
diff --git a/framework/src/org/apache/cordova/engine/SystemCookieManager.java b/framework/src/org/apache/cordova/engine/SystemCookieManager.java
@@ -19,8 +19,6 @@ Licensed to the Apache Software Foundation (ASF) under one
 
 package org.apache.cordova.engine;
 
-import android.annotation.TargetApi;
-import android.os.Build;
 import android.webkit.CookieManager;
 import android.webkit.WebView;
 
@@ -35,10 +33,14 @@ public SystemCookieManager(WebView webview) {
         webView = webview;
         cookieManager = CookieManager.getInstance();
 
-        cookieManager.setAcceptFileSchemeCookies(true);
         cookieManager.setAcceptThirdPartyCookies(webView, true);
     }
 
+    @SuppressWarnings("deprecation")
+    public void setAcceptFileSchemeCookies() {
+        cookieManager.setAcceptFileSchemeCookies(true);
+    }
+
     public void setCookiesEnabled(boolean accept) {
         cookieManager.setAcceptCookie(accept);
     }
diff --git a/framework/src/org/apache/cordova/engine/SystemWebViewEngine.java b/framework/src/org/apache/cordova/engine/SystemWebViewEngine.java
@@ -165,6 +165,7 @@ private void initWebViewSettings() {
             LOG.d(TAG, "Enabled insecure file access");
             settings.setAllowFileAccess(true);
             settings.setAllowUniversalAccessFromFileURLs(true);
+            cookieManager.setAcceptFileSchemeCookies();
         }
 
         settings.setMediaPlaybackRequiresUserGesture(false);

Original file line number	Diff line number	Diff line change
`@@ -165,6 +165,7 @@ private void initWebViewSettings() {`
`165`	`165`	`LOG.d(TAG, "Enabled insecure file access");`
`166`	`166`	`settings.setAllowFileAccess(true);`
`167`	`167`	`settings.setAllowUniversalAccessFromFileURLs(true);`
	`168`	`+ cookieManager.setAcceptFileSchemeCookies();`
`168`	`169`	`}`
`169`	`170`
`170`	`171`	`settings.setMediaPlaybackRequiresUserGesture(false);`