[
https://issues.apache.org/jira/browse/CB-8761?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14510727#comment-14510727
]
ASF GitHub Bot commented on CB-8761:
------------------------------------
Github user vladimir-kotikov commented on a diff in the pull request:
https://github.com/apache/cordova-plugin-file-transfer/pull/74#discussion_r29036352
--- Diff: src/wp/FileTransfer.cs ---
@@ -210,6 +216,77 @@ public FileTransferProgress(long bTotal = 0, long
bLoaded = 0)
}
/// <summary>
+ /// Helper method to copy all relevant cookies from the WebBrowser
control into a header on
+ /// the HttpWebRequest
+ /// </summary>
+ /// <param name="browser">The source browser to copy the cookies
from</param>
+ /// <param name="webRequest">The destination HttpWebRequest to add
the cookie header to</param>
+ /// <returns>Nothing</returns>
+ private async Task CopyCookiesFromWebBrowser(HttpWebRequest
webRequest)
+ {
+ var tcs = new TaskCompletionSource<object>();
+
+ // Accessing WebBrowser needs to happen on the UI thread
+ Deployment.Current.Dispatcher.BeginInvoke(() =>
+ {
+ // Get the WebBrowser control
+ if (this.browser == null)
+ {
+ PhoneApplicationFrame frame =
Application.Current.RootVisual as PhoneApplicationFrame;
+ if (frame != null)
+ {
+ PhoneApplicationPage page = frame.Content as
PhoneApplicationPage;
+ if (page != null)
+ {
+ CordovaView cView =
page.FindName("CordovaView") as CordovaView;
+ if (cView != null)
+ {
+ this.browser = cView.Browser;
+ }
+ }
+ }
+ }
+
+ try
+ {
+ // Only copy the cookies if the scheme and host match
(to avoid any issues with secure/insecure cookies)
+ // NOTE: since the returned CookieCollection appears
to munge the original cookie's domain value in favor of the actual Source
domain,
+ // we can't know for sure whether the cookies would be
applicable to any other hosts, so best to play it safe and skip for now.
+ if (this.browser.Source.Scheme ==
webRequest.RequestUri.Scheme && this.browser.Source.Host ==
webRequest.RequestUri.Host)
+ {
+ string cookieHeader = "";
+ string requestPath =
webRequest.RequestUri.PathAndQuery;
+ CookieCollection cookies =
this.browser.GetCookies();
+
+ // Iterate over the cookies and add to the header
+ foreach (Cookie cookie in cookies)
+ {
+ // Check that the path is allowed, first
+ // NOTE: Path always seems to be empty for
now, even if the cookie has a path set by the server.
+ if (cookie.Path.Length == 0 ||
requestPath.IndexOf(cookie.Path) == 0)
+ {
+ cookieHeader += cookie.Name + "=" +
cookie.Value + "; ";
+ }
+ }
+
+ // Finally, set the header if we found any cookies
+ if (cookieHeader.Length > 0)
+ {
+ webRequest.Headers["Cookie"] = cookieHeader;
+ }
+ }
+ tcs.SetResult(Type.Missing);
+ }
+ catch (Exception ex)
+ {
+ tcs.SetException(ex);
--- End diff --
This exception will never be caught. Consider silently return from this
method here or add try/catch block around this method call in `upload` and
`download`.
> WP8: FileTransfer does not inherit cookies from WebBrowser
> ----------------------------------------------------------
>
> Key: CB-8761
> URL: https://issues.apache.org/jira/browse/CB-8761
> Project: Apache Cordova
> Issue Type: Improvement
> Components: Plugin File Transfer
> Reporter: Dan Polivy
>
> On Android and iOS (and presumably other platforms), the file transfer plugin
> will inherit any relevant cookies from the WebBrowser control when
> communicating with a particular domain. On WP8, however, that is not the
> case, as HttpWebRequest does not share cookies with the WebBrowser control.
> When cookies are used for authentication, and authentication is required for
> file uploads, it becomes important to be able to set cookies on the
> HttpWebRequest containing the upload. This should be supported on WP8 like it
> is on other platforms.
> I have built a solution to this problem that works; it essentially copies the
> relevant cookies from the WebBrowser control and manually generates a Cookie
> header for the HttpWebRequest. Due to some bugs in the version of .NET on
> WP8, not all cookie data is accessible in this manner (e.g. path, domain),
> however enough is there to get the job done.
> This fix is more limited to only scenarios where the browser scheme and host
> match that of the file transfer request to avoid any security issues with
> cookies going to the wrong domain. In my scenario, I am hosting my web pages
> remotely, on the same server I upload files to, so this works OK.
> Unfortunately, it won't help with scenarios where the transfer is to a
> different remote host.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
