OpenFB icon indicating copy to clipboard operation
OpenFB copied to clipboard

Published 20 hours ago verified publisher icon ccoenraets

SECURITY WARNING

Open ngioldasis opened this issue 9 years ago • 5 comments

Hi, I'm using the openFB library in an ionic project. My settings are:

ionic version: 1.7.12 cordova-version: 6.0.0 openFB version: (latest commit)

when running the app in my browser, everything works fine.

In my Phone (android 5.0) there is a problem. When starting the app (on deviceready event), I do window.open = cordova.InAppBrowser.open

When I'm trying to login, the FB login page opens, I'm giving credentials, and click login.

The response is on a facebook page (https://www.facebook.com/connect/blank.html#=) saying:

Success

SECURITY WARNING: Please treat the URL above as you would your password and do not share it with anyone. See the Facebook Help Centre for more information.

and the FB login window never closes.

It seems that the openFB eventListener 'loginWindow_loadStartHandler' never fired.

Any ideas? Thanks in advance, Nektarios

ngioldasis avatar Feb 04 '16 12:02 ngioldasis

I finally resolved this issue.

The problem is on the InAppBrowser cordova plugin. InAppBrowser (version 1.2.0 which is available in the cordova registry at the moment of writing) does not fire the 'loadstart' and 'loadstop' event listeners in android platform (i don't know for IOS). So the opefFB handler which was registered on 'loadstart' was never fired up.

To solve this, install either the cordova-plugin-inappbrowser@~1.1.1 or install the latest version (1.2.1) directly from github (cordova plugin add https://github.com/apache/cordova-plugin-inappbrowser.git --save).

ngioldasis avatar Feb 05 '16 10:02 ngioldasis

Upgrading to 1.2.1 also fixed this issue for me too. Thanks!

philip-sterne avatar Feb 05 '16 12:02 philip-sterne

+1 Thanks @ngioldasis

sl45sms avatar Feb 05 '16 18:02 sl45sms

I have this problem only on iOS, in Android/iOS simulators all seems to be fine, but when using this on my iPad with the Ionic View this security warning appears. I've installed inappbrowser 1.2.1, but no change for me...

bogdanmartinescu avatar Feb 05 '16 21:02 bogdanmartinescu

same here. @bogdanmartinescu are you using this lib within an cordova-app with WKWebView -Plugin?

I removed the setTimeout here https://github.com/ccoenraets/OpenFB/blob/master/openfb.js#L132 and called the close() method directly. that works. but that could cause other problems when recieving the auth_token very fast. (see comments L129 / L130)

nicowenterodt avatar Feb 23 '16 23:02 nicowenterodt