[
https://issues.apache.org/jira/browse/CB-8761?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14510725#comment-14510725
]
ASF GitHub Bot commented on CB-8761:
------------------------------------
Github user vladimir-kotikov commented on a diff in the pull request:
https://github.com/apache/cordova-plugin-file-transfer/pull/74#discussion_r29036346
--- Diff: src/wp/FileTransfer.cs ---
@@ -210,6 +216,77 @@ public FileTransferProgress(long bTotal = 0, long
bLoaded = 0)
}
/// <summary>
+ /// Helper method to copy all relevant cookies from the WebBrowser
control into a header on
+ /// the HttpWebRequest
+ /// </summary>
+ /// <param name="browser">The source browser to copy the cookies
from</param>
+ /// <param name="webRequest">The destination HttpWebRequest to add
the cookie header to</param>
+ /// <returns>Nothing</returns>
+ private async Task CopyCookiesFromWebBrowser(HttpWebRequest
webRequest)
+ {
+ var tcs = new TaskCompletionSource<object>();
+
+ // Accessing WebBrowser needs to happen on the UI thread
+ Deployment.Current.Dispatcher.BeginInvoke(() =>
+ {
+ // Get the WebBrowser control
+ if (this.browser == null)
+ {
+ PhoneApplicationFrame frame =
Application.Current.RootVisual as PhoneApplicationFrame;
+ if (frame != null)
+ {
+ PhoneApplicationPage page = frame.Content as
PhoneApplicationPage;
+ if (page != null)
+ {
+ CordovaView cView =
page.FindName("CordovaView") as CordovaView;
+ if (cView != null)
+ {
+ this.browser = cView.Browser;
+ }
+ }
+ }
+ }
+
+ try
+ {
+ // Only copy the cookies if the scheme and host match
(to avoid any issues with secure/insecure cookies)
+ // NOTE: since the returned CookieCollection appears
to munge the original cookie's domain value in favor of the actual Source
domain,
+ // we can't know for sure whether the cookies would be
applicable to any other hosts, so best to play it safe and skip for now.
+ if (this.browser.Source.Scheme ==
webRequest.RequestUri.Scheme && this.browser.Source.Host ==
webRequest.RequestUri.Host)
--- End diff --
it is very unlikely, but `browser` still can be null here, consider adding
check for 'not null' case.
Also `browser.Source.Scheme` and `browser.Source.Host` will throw an
`InvalidOperationException` if `Source` is an relative URI. IMO it's better to
check if `browser.Source.IsAbsoluteUri == true` than catch an exception here.
> WP8: FileTransfer does not inherit cookies from WebBrowser
> ----------------------------------------------------------
>
> Key: CB-8761
> URL: https://issues.apache.org/jira/browse/CB-8761
> Project: Apache Cordova
> Issue Type: Improvement
> Components: Plugin File Transfer
> Reporter: Dan Polivy
>
> On Android and iOS (and presumably other platforms), the file transfer plugin
> will inherit any relevant cookies from the WebBrowser control when
> communicating with a particular domain. On WP8, however, that is not the
> case, as HttpWebRequest does not share cookies with the WebBrowser control.
> When cookies are used for authentication, and authentication is required for
> file uploads, it becomes important to be able to set cookies on the
> HttpWebRequest containing the upload. This should be supported on WP8 like it
> is on other platforms.
> I have built a solution to this problem that works; it essentially copies the
> relevant cookies from the WebBrowser control and manually generates a Cookie
> header for the HttpWebRequest. Due to some bugs in the version of .NET on
> WP8, not all cookie data is accessible in this manner (e.g. path, domain),
> however enough is there to get the job done.
> This fix is more limited to only scenarios where the browser scheme and host
> match that of the file transfer request to avoid any security issues with
> cookies going to the wrong domain. In my scenario, I am hosting my web pages
> remotely, on the same server I upload files to, so this works OK.
> Unfortunately, it won't help with scenarios where the transfer is to a
> different remote host.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
