Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Detect cross-origin redirects during visits #82

Merged
merged 3 commits into from
Jan 8, 2025
Merged

Detect cross-origin redirects during visits #82

merged 3 commits into from
Jan 8, 2025

Conversation

jayohms
Copy link
Contributor

@jayohms jayohms commented Jan 7, 2025
edited
Loading

This PR supersedes the approach in hotwired/turbo-android#325. Due to CORS restrictions, the javascript Fetch API cannot be reliably used across applications to detect cross-origin redirects during Turbo visits.

This new approach hands off failed visits with a non-HTTP status code (which suggests a cross-origin redirect may have been attempted) to the native code to detect cross-origin redirects. If a visit redirect is detected, the final redirect location is used to propose a new visit, which will flow through the normal navigation routing decision tree.

@jayohms jayohms requested a review from mbarta January 7, 2025 16:03
jayohms
jayohms commented Jan 7, 2025
View reviewed changes
...ation-fragments/src/main/java/dev/hotwire/navigation/fragments/HotwireWebFragmentDelegate.kt
Comment on lines +249 to +250
navigator.pop()
navigator.route(location)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note this is where the redirect visit is initiated. First, it pops the current screen off the backstack, since it led to a visit failure. Then the new cross-origin redirect visit is routed, which will likely end up routing outside the app — but it's based on the configured RouteDecisionHandler instances.

@jayohms jayohms mentioned this pull request Jan 7, 2025
Closed
mbarta
mbarta approved these changes Jan 8, 2025
View reviewed changes
Copy link
Contributor

@mbarta mbarta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thank you!

core/src/main/kotlin/dev/hotwire/core/turbo/http/HttpRepository.kt Outdated Show resolved Hide resolved
core/src/main/kotlin/dev/hotwire/core/turbo/session/Session.kt Outdated Show resolved Hide resolved
@jayohms jayohms merged commit 7c4cf55 into main Jan 8, 2025
1 check passed
@jayohms jayohms deleted the cross-origin-redirect branch January 8, 2025 19:21
@svara svara mentioned this pull request Jan 9, 2025
Merged
@jayohms jayohms mentioned this pull request Jan 9, 2025
Merged
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@mbarta mbarta mbarta approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jayohms @mbarta