To counter a bit, all of my apps are using the standard Cordova
Android WebView, and store all their data in the browser's indexedDB.
I've had no issues with file URLs (although I expect that will change
with API 30 enforcement).

Losing data in an app update is unacceptable, and for many apps it
would be catastrophic (see comments from when Google did a bad
indexedDB migration and people lost data[1]). On iOS with WKWebView,
I'm stuck in the position of continuing to use file URLs to keep
existing data working because there's no supported path for data
migration to the new scheme.

We made the decision with Cordova iOS to use file URLs by default to
ensure that we didn't unexpectedly break existing apps.

We either need to default to using file URLs on Android (which is
risky considering the API 30 enforcement is restricting what works
there), or provide an officially supported update path that preserves
and migrates all the relevant data. (If we opt for the migration path,
it would be nice to have it support iOS as well.)

If we release a Cordova update that causes a bunch of existing Android
apps to lose all their data, it will very likely be a public image
disaster from which we will never recover.

[1] https://bugs.chromium.org/p/chromium/issues/detail?id=1033655

On Tue, Apr 27, 2021 at 8:48 AM Bryan Ellis <er...@apache.org> wrote:
>
> I also agree.
>
> I think we should move forward with these changes and use the 
> WebViewAssetLoader by default.
>
> If we must, we could write a blog post explaining how to use Norman's plugin for 
> data migration. But I do not know if the plugin is complete to cover all data 
> sources and fits this case.
>
> I believe the change though is necessary.
>
> Starting from API 30, Google has disabled file access to the WebView because 
> it introduces possible security risks.
>
>  > Apps should not open file:// URLs from any external source in WebView, 
>  > don't enable this if your app accepts arbitrary URLs from external sources.
>
> In our recent release of Cordova-Android, we explicitly set the 
> `setAllowFileAccess` to `true` to get around the change that came in the API 
> 30 release. This allowed apps to continue working temporarily, while we would 
> introduce a proper solution in this coming major release, preferably 
> following a secure implementation. I believe we should not default to 
> something that has been publicly announced and known to lead to potential 
> security risks.
>
> If we want to support the file scheme to allow users to avoid data loss, I 
> think a config.xml flag can be introduced that users can manually set if they 
> are willing to accept the potential security risks that exist with it. And it 
> could allow them to move over whenever they decide.
>
>
>
> > On Apr 27, 2021, at 9:07 PM, julio cesar sanchez <jcesarmob...@gmail.com> 
> > wrote:
> >
> > I would vote for defaulting to WebViewAssetLoader but still allow using
> > file:// from a config.xml preference for the people that are not ready to
> > move on.
> > But on cordova-ios 6 I think we ended up defaulting to file:// and use the
> > schemes only as opt-in.
> >
> > About migrating data, I don't think that's our job, but we can point users
> > to plugins if you know some.
> >
> > On Tue, Apr 27, 2021 at 8:03, Niklas Apache (<niklasm...@apache.org>)
> > wrote:
> >
> >> Hey folks,
> >>
> > >> we recently merged a PR [1] which significantly changes how
> > >> cordova-android loads web content in the webview and now need to
> > >> decide how to proceed.
> >>
> >> Google introduced the WebViewAssetLoader to make it possible to use web
> >> content from a standard http(s) scheme instead of file:. This was done
> >> to remove security risks [2] and some apps with routing frameworks like
> >> React and Angular need this for proper routing.
> >>
> >> Because cordova-android 10 now uses AndroidX we could implement the
> >> WebViewAssetLoader and remove some deprecated or security related
> >> WebSettings and move the platform forward to current Android standards.
> >>
> >> This change may break some apps now because the origin changes if the
> >> app now runs on https://localhost for example instead of file://.
> >> Changing the origin means losing access to web storage like
> > >> localStorage, IndexedDB etc. First and foremost we need to announce that
> >> change with the release for developers to act but additionally we could
> >> do:
> >>
> >> 1.) Default back to file:// and make the WebViewAssetLoader opt-in via
> >> config.xml. This exposes apps to the security risk:
> >>
> > >>> Note: Apps should not open file:// URLs from any external source in
> > >>> WebView, don't enable this if your app accepts arbitrary URLs from
> > >>> external sources. It's recommended to always use
> > >>> androidx.webkit.WebViewAssetLoader
> > >>> <https://developer.android.com/reference/androidx/webkit/WebViewAssetLoader>
> > >>> to access files including assets and resources over http(s):// schemes,
> > >>> instead of file:// URLs. To prevent possible security issues targeting
> > >>> Build.VERSION_CODES.Q
> > >>> <https://developer.android.com/reference/android/os/Build.VERSION_CODES#Q>
> > >>> and earlier, you should explicitly set this value to false.
> >>
> >> 2.) Add a migration for localstorage etc. to the platform to provide a
> >> smoother transition
> >>
> >> 3.) Use the WebViewAssetLoader only and don't migrate in the platform
> >> but point users to a plugin that helps them to manage their migration
> >>
> > >> Personally I would favor moving to WebViewAssetLoader by default in
> > >> this breaking release to get apps up to date and adapt to Android's
> > >> changes. I don't know how many apps would be affected because I suspect
> > >> many apps are using native storage solutions (SQLite etc.) or are
> > >> running Ionic's WebView with the https scheme already. I am doing both
> > >> for my apps because of the many localStorage and non-https scheme issues
> > >> we had in the past and I suspect many did as well.
> >>
> >> Cordova Android 10 needs to be released rather sooner than later so
> >> please leave your feedback.
> >>
> >> Thank you very much and kind regards
> >> Niklas
> >>
> >> [1] https://github.com/apache/cordova-android/pull/1137
> >> [2]
> >>
> >> https://developer.android.com/reference/android/webkit/WebSettings#setAllowFileAccess(boolean)
> >>
>

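The two loading modes debated in this thread, side by side, as an added example that is not part of the original messages and not cordova-android's own code. The `allowLegacyFileScheme` flag, the class name and the `www/index.html` start page are assumptions made for illustration; the thread proposes a config.xml preference but does not name one.

```java
import android.content.Context;
import android.webkit.WebResourceRequest;
import android.webkit.WebResourceResponse;
import android.webkit.WebSettings;
import android.webkit.WebView;
import androidx.webkit.WebViewAssetLoader;
import androidx.webkit.WebViewClientCompat;

public final class ContentLoading {
    private ContentLoading() {}

    // allowLegacyFileScheme is a hypothetical opt-in flag standing in for the
    // config.xml preference proposed in the thread; it is not a Cordova name.
    // Returns the start URL the caller should pass to webView.loadUrl().
    public static String configure(Context context, WebView webView,
                                   boolean allowLegacyFileScheme) {
        WebSettings settings = webView.getSettings();
        // Block JavaScript on file:// pages from reading other files or origins.
        settings.setAllowFileAccessFromFileURLs(false);
        settings.setAllowUniversalAccessFromFileURLs(false);

        if (allowLegacyFileScheme) {
            // Legacy mode: the origin stays file://, so existing IndexedDB and
            // localStorage data remain reachable, but file access has to be
            // re-enabled explicitly because it defaults to off from API 30.
            settings.setAllowFileAccess(true);
            return "file:///android_asset/www/index.html"; // sample start page
        }

        // Default mode: file access off, bundled assets served over https.
        settings.setAllowFileAccess(false);
        final WebViewAssetLoader loader = new WebViewAssetLoader.Builder()
                .setDomain("localhost")
                .addPathHandler("/assets/",
                        new WebViewAssetLoader.AssetsPathHandler(context))
                .build();
        webView.setWebViewClient(new WebViewClientCompat() {
            @Override
            public WebResourceResponse shouldInterceptRequest(
                    WebView view, WebResourceRequest request) {
                // Returns null for any URL outside https://localhost/assets/,
                // which then falls through to normal network loading.
                return loader.shouldInterceptRequest(request.getUrl());
            }
        });
        // New origin (https://localhost): web storage written under file://
        // is keyed to a different origin and is not visible from here.
        return "https://localhost/assets/www/index.html";
    }
}
```
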