Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support Cloudflare Access expired cookie flow #4160

Closed
wants to merge 2 commits into from
Closed

Support Cloudflare Access expired cookie flow #4160

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
03e0a7a
Extract browser launch checking behaviour into its own method
mcuelenaere Jan 25, 2024
d5671d5
Handle Cloudflare Access URLs in the webview, not the browser.
mcuelenaere Jan 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 17 additions & 1 deletion app/src/main/java/io/homeassistant/companion/android/webview/WebViewActivity.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -113,6 +113,8 @@ import kotlinx.coroutines.withContext
import okhttp3.HttpUrl.Companion.toHttpUrl
import org.chromium.net.CronetEngine
import org.json.JSONObject
import java.net.MalformedURLException
import java.net.URL
import java.util.concurrent.Executors
import javax.inject.Inject
import javax.inject.Named
Expand Down Expand Up @@ -461,7 +463,7 @@ class WebViewActivity : BaseActivity(), io.homeassistant.companion.android.webvi
startActivity(intent)
}
return true
} else if (!webView.url.toString().contains(it.toString())) {
} else if (shouldLaunchWebBrowser(it.toString())) {
Log.d(TAG, "Launching browser")
val browserIntent = Intent(Intent.ACTION_VIEW, it)
startActivity(browserIntent)
Expand Down Expand Up @@ -677,6 +679,20 @@ class WebViewActivity : BaseActivity(), io.homeassistant.companion.android.webvi
}
}

private fun shouldLaunchWebBrowser(url: String): Boolean {
val parsedUrl = try { URL(url); } catch (e: MalformedURLException) { null }
if (parsedUrl?.path?.startsWith("/cdn-cgi/access/") == true) {
// This particular path is used by Cloudflare's Access product. We need
// to handle this in the webview, as certain cookies will be set after a
// successful authentication. Cloudflare will only allow access to the underlying
// server if these cookies are present. If the user would authenticate in the browser,
// the cookies would be stored there and we would not be able to read them.
return false
}

return !webView.url.toString().contains(url)
}

private fun webViewAddJavascriptInterface() {
webView.removeJavascriptInterface(javascriptInterface)
webView.apply {
Expand Down
Loading