From 6b5ddad8b36e33ef4171f6da5cc311ed3f634ac6 Mon Sep 17 00:00:00 2001 From: Chace Daniels Date: Thu, 21 Sep 2023 12:01:19 -0500 Subject: [PATCH] fix(cookies): retrieve cookies when using a custom android scheme --- .../getcapacitor/plugin/CapacitorCookies.java | 65 ++++++++++++------- cli/src/declarations.ts | 8 +++ 2 files changed, 48 insertions(+), 25 deletions(-) diff --git a/android/capacitor/src/main/java/com/getcapacitor/plugin/CapacitorCookies.java b/android/capacitor/src/main/java/com/getcapacitor/plugin/CapacitorCookies.java index 64f97d87a..45c01be2e 100644 --- a/android/capacitor/src/main/java/com/getcapacitor/plugin/CapacitorCookies.java +++ b/android/capacitor/src/main/java/com/getcapacitor/plugin/CapacitorCookies.java @@ -39,6 +39,11 @@ public boolean isEnabled() { return pluginConfig.getBoolean("enabled", false); } + private boolean isAllowingInsecureCookies() { + PluginConfig pluginConfig = getBridge().getConfig().getPluginConfiguration("CapacitorCookies"); + return pluginConfig.getBoolean("androidCustomSchemeAllowInsecureAccess", false); + } + @JavascriptInterface public void setCookie(String domain, String action) { cookieManager.setCookie(domain, action); 
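Review bot: `isAllowingInsecureCookies()` returns the raw `androidCustomSchemeAllowInsecureAccess` flag and nothing else, although the option's own doc comment in cli/src/declarations.ts (same patch) says it is only intended for apps using a custom Android scheme. As written, an app served on http or https that sets the flag also switches `getCookies` to the native cookie store. Consider combining the flag with a check of the configured Android scheme, so the setting has no effect outside the case it was written for. The helper also deserves a comment, for example `// When true, getCookies reads the native cookie store instead of document.cookie, exposing cookies that page script cannot normally see.`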
@@ -46,34 +51,44 @@ public void setCookie(String domain, String action) { @PluginMethod public void getCookies(PluginCall call) { - this.bridge.eval( - "document.cookie", - value -> { - String cookies = value.substring(1, value.length() - 1); - String[] cookieArray = cookies.split(";"); - - JSObject cookieMap = new JSObject(); - - for (String cookie : cookieArray) { - if (cookie.length() > 0) { - String[] keyValue = cookie.split("=", 2); - - if (keyValue.length == 2) { - String key = keyValue[0].trim(); - String val = keyValue[1].trim(); - try { - key = URLDecoder.decode(keyValue[0].trim(), StandardCharsets.UTF_8.name()); - val = URLDecoder.decode(keyValue[1].trim(), StandardCharsets.UTF_8.name()); - } catch (UnsupportedEncodingException ignored) {} - - cookieMap.put(key, val); + if (isAllowingInsecureCookies()) { + String url = call.getString("url"); + JSObject cookiesMap = new JSObject(); + HttpCookie[] cookies = cookieManager.getCookies(url); + for (HttpCookie cookie : cookies) { + cookiesMap.put(cookie.getName(), cookie.getValue()); + } + call.resolve(cookiesMap); + } else { + this.bridge.eval( + "document.cookie", + value -> { + String cookies = value.substring(1, value.length() - 1); + String[] cookieArray = cookies.split(";"); + + JSObject cookieMap = new JSObject(); + + for (String cookie : cookieArray) { + if (cookie.length() > 0) { + String[] keyValue = cookie.split("=", 2); + + if (keyValue.length == 2) { + String key = keyValue[0].trim(); + String val = keyValue[1].trim(); + try { + key = URLDecoder.decode(keyValue[0].trim(), StandardCharsets.UTF_8.name()); + val = URLDecoder.decode(keyValue[1].trim(), StandardCharsets.UTF_8.name()); + } catch (UnsupportedEncodingException ignored) {} + + cookieMap.put(key, val); + } } } - } - call.resolve(cookieMap); - } - ); + call.resolve(cookieMap); + } + ); + } } @PluginMethod diff --git a/cli/src/declarations.ts b/cli/src/declarations.ts index 7f123e30a..9c0b6d4a2 100644 --- a/cli/src/declarations.ts 
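Review bot: In the new `isAllowingInsecureCookies()` branch of `getCookies`, `url` is taken from `call.getString("url")` and passed to `cookieManager.getCookies(url)` with no null check and no restriction to the app's own origin. Any script running in the WebView can therefore request the cookies for whatever URL it names, including HttpOnly ones according to the option's doc comment. At minimum reject a missing value, `if (url == null || url.isEmpty()) { call.reject("Must provide a URL"); return; }`, and consider comparing the URL's host against the app's configured server or allowed hosts before reading the store. This branch also returns names and values as stored, while the `document.cookie` branch URL-decodes them, so the same cookie can come back in two forms depending on the flag; decode here too or document the difference.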
+++ b/cli/src/declarations.ts @@ -636,6 +636,14 @@ export interface PluginsConfig { * @default false */ enabled?: boolean; + /** + * Enable `httpOnly` and other insecure cookies to be read and accessed on Android. + * + * Note: This can potentially be a security risk and is only intended to be used + * when your application uses a custom scheme on Android. + * + */ + androidCustomSchemeAllowInsecureAccess?: boolean; }; /**
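Review bot: The JSDoc for `androidCustomSchemeAllowInsecureAccess` has no `@default` tag, unlike `enabled` just above it, even though the Java side reads the option with a default of false; replace the trailing empty ` *` line with ` * @default false`. The phrase "httpOnly and other insecure cookies" also reads backwards, since httpOnly is the attribute that keeps a cookie away from page script and this option removes that protection. A clearer first line would be `Allow JavaScript to read cookies from the native cookie store on Android, including those marked httpOnly.` The `PluginsConfig` interface starts and ends outside the hunk.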