It seems that custom URL schemes are not correctly handled, at least on Android.
For example, this plugin (https://github.com/EddyVerbruggen/Custom-URL-scheme) suggests that users use a forked version of the in app browser to handle these custom URL schemes ( https://github.com/Innovation-District/cordova-plugin-inappbrowser). The problem is that an in-app-browser & custom URL scheme setup is particularly useful for OAuth authentications in Cordova apps. So trusting some random fork of the In App Browser plugin for these security sensitive use cases seems like a bad idea. >From looking at the source code for In App Browser, it seems that it >additionally rejects custom URL schemes and attempts to re-write them, >seemingly making intercepting the custom url scheme page loads with the >'loadstart' event not possible: >http://git.lunargravity.be/project/Dag-secret-calculator/blob/3587c7a66a932c7de7183776880a55b4047eeb78/plugins/cordova-plugin-inappbrowser/src/android/InAppBrowser.java#L872 To be clear, this only appears to be an issue on android - for whatever reason iOS is perfectly happy loading custom URL schemes from the In App Browser. [ Full content available at: https://github.com/apache/cordova-plugin-inappbrowser/issues/289 ] This message was relayed via gitbox.apache.org for [email protected]
