fix: Do not intercept manager and scheme links in cozyAppFallbackURL #1032
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
With current implementation, when clicking on a login email, if the app is already connected to a Cozy, then the app tries to open a cozy-app with that link We don't want that to happen as it would produce an error and also this is not an expected scenario To prevent that we want to ignore links that start with a scheme or manager links Note that this implementation is not bullet proof. Instead of preventing forbidden URLs we should instead hande only authorised ones. This should be done in another commit Also this bug highlighted another bug: when the login by email scenario ends and when the flagship certification is automatic, then the Linking `url` event is triggered another time (in useAppBootstrap). So this would trigger the navigation to a cozy-app By ignoring manager links we removed that bug's side effect but the incorrect behavior (double event) is still present. We must fix that bug in the future
acezard
approved these changes
Nov 24, 2023
Crash--
reviewed
Nov 24, 2023
| fallback?.startsWith('cozy://') || | ||
| fallback?.startsWith('https://manager.cozycloud.cc') || | ||
| fallback?.startsWith('https://staging-manager.cozycloud.cc') || | ||
| fallback?.startsWith('https://manager-dev.cozycloud.cc') |
There was a problem hiding this comment.
you have strings.cloudery.{prod|int|dev}Uri
Also, you should test the mabulle:// schema, no ?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
With current implementation, when clicking on a login email, if the app is already connected to a Cozy, then the app tries to open a cozy-app with that link
We don't want that to happen as it would produce an error and also this is not an expected scenario
To prevent that we want to ignore links that start with a scheme or manager links
Note that this implementation is not bullet proof. Instead of preventing forbidden URLs we should instead hande only authorised ones. This should be done in another commit
Also this bug highlighted another bug: when the login by email scenario ends and when the flagship certification is automatic, then the Linking
urlevent is triggered another time (in useAppBootstrap). So this would trigger the navigation to a cozy-appBy ignoring manager links we removed that bug's side effect but the incorrect behavior (double event) is still present. We must fix that bug in the future