Skip to content

Detect cross-origin redirects during visits #70

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 15 commits into from
Jan 10, 2025
Merged

Detect cross-origin redirects during visits #70

merged 15 commits into from
Jan 10, 2025
+212 −4

Conversation

svara
Copy link
Contributor

@svara svara commented Jan 9, 2025

This PR is the counterpart of the Android hotwired/hotwire-native-android#82.
Due to CORS restrictions, the javascript Fetch API cannot be reliably used across applications to detect cross-origin redirects during Turbo visits.

This new approach hands off failed visits with a non-HTTP status code (which suggests a cross-origin redirect may have been attempted) to the native code to detect cross-origin redirects. If a visit redirect is detected, the final redirect location is treated as an external URL and opened appropriately.

@svara svara requested review from olivaresf and jayohms January 9, 2025 17:23
jayohms
jayohms approved these changes Jan 9, 2025
View reviewed changes
Copy link
Contributor

@jayohms jayohms left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great, nice work on this @svara.

@jayohms jayohms mentioned this pull request Jan 9, 2025
Merged
@joemasilotti
Copy link
Member

Using Demo PR #12, I'm seeing the external redirect open in SFSafariViewController. What do I need to configure to test this fully? I'm not seeing how I can implement handle(externalURL:) for this to work.

@svara svara merged commit 0c20bcb into main Jan 10, 2025
1 check passed
@svara svara deleted the cross-origin-redirect branch January 10, 2025 11:03
@ibrahima
Copy link

ibrahima commented Jan 13, 2025
edited
Loading

Hi! This is helpful, I've noticed this issue before as well, so thanks for resolving it!

I was wondering, is there a way to handle this differently from within my application code? E.g., if I wanted to open this in a webview within my app, would there be a way to set that up? (At this point I don't know for sure if this would help me, but it's something I'm considering to handle a specific situation with my app.)

Edit: Never mind, I don't have the same need anymore. But I'm just curious if there's something one can do here, because when I print out visit proposals in my NavigatorDelegate it doesn't show anything for the cross-origin redirects. (But maybe that's true of all redirects, actually...)

@jayohms
Copy link
Contributor

jayohms commented Jan 14, 2025

@ibrahima while it's not currently possible, we're going to begin some work soon in the iOS library to make navigation more customizable through the same RouteDecisionHandler concept that Android uses. I don't have a specific timeline, but we're going to align this aspect between platforms so iOS is more flexible and the platforms are consistent: https://native.hotwired.dev/android/reference#handling-url-routes

@jayohms jayohms mentioned this pull request Jan 22, 2025
Closed
@glennfu glennfu mentioned this pull request Jan 28, 2025
Closed
@sztobar sztobar mentioned this pull request Apr 11, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joemasilotti joemasilotti joemasilotti left review comments

@jayohms jayohms jayohms approved these changes

@olivaresf olivaresf Awaiting requested review from olivaresf

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@svara @joemasilotti @ibrahima @jayohms