remotestorage/remotestorage.js

Hiding Url bar in InAppBrowser plugin of cordova does not work for higher versions

Samita907 opened this issue · 3 comments

Hi,
I am using cordova-plugin-inappbrowser for calling a webapp.

Hiding the location bar with plugin versions above 2.0.2 (like 4.0.0 or 5.0.0) is not working.
With version 2.0.2 of the plugin, hiding the location bar with the attribute
(url,'_blank','location=no') is working.
Can anyone please suggest how to hide the URL bar with versions above 2.0.2,
or is there any other alternative to InAppBrowser to open a webapp?

Hi @Samita907,

The location bar is set to be shown intentionally in the source code of the library:

.openWindow(url, redirectUri, 'location=yes,clearsessioncache=yes,clearcache=yes')

It is an important security feature to prevent phishing attacks, where a malicious app could show you a page that looks like a real remoteStorage provider, but actually steals your credentials, and thus can potentially gain access to all of your stored private data.

This answer doesn't help with specific Cordova plugin changes between versions, of course. But even if you do succeed with hiding the location bar for the OAuth dialog, please don't do it for the stated reason. Thanks!

Hi @raucao, our requirement is like using an external web as an app using InAppBrowser without the URL bar. Thank you for the reply; I will think about the security aspects you have mentioned.

Aha. That's still OK, as long as the OAuth dialog will show the location, which should be the case when using remoteStorage.js in Cordova. You may want to ask the plugin developers about this issue.
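
The distinction drawn in this thread (hiding the bar for the app's own web content is acceptable, while an OAuth dialog must show its location) can be enforced in one place. The following is an added example, not code from this thread, remoteStorage.js or the plugin; the helper names and the `https://app.example.com` origin are hypothetical placeholders.

```javascript
// Added example: helper names and the origin below are hypothetical.
// Origins of the app's own web content, where hiding the bar is acceptable.
const OWN_APP_ORIGINS = new Set(['https://app.example.com']);

// Parse an InAppBrowser options string ("k=v,k=v") into a Map (keys lowercased).
function parseFeatures(features) {
  const map = new Map();
  for (const part of String(features || '').split(',')) {
    const i = part.indexOf('=');
    const key = (i < 0 ? part : part.slice(0, i)).trim().toLowerCase();
    const value = i < 0 ? '' : part.slice(i + 1).trim();
    if (key) map.set(key, value);
  }
  return map;
}

function serializeFeatures(map) {
  return [...map].map(([k, v]) => `${k}=${v}`).join(',');
}

// Return the options string to use for `url`. A requested location=no survives
// only for HTTPS pages on the app's own origins; every other page, including
// any OAuth dialog, gets location=yes. Unparseable URLs fail closed.
function safeFeatures(url, requested, ownOrigins = OWN_APP_ORIGINS) {
  const features = parseFeatures(requested);
  let trusted = false;
  try {
    const u = new URL(url);
    // Compare the full origin, so look-alike hosts and userinfo tricks fail.
    trusted = u.protocol === 'https:' && ownOrigins.has(u.origin);
  } catch (e) {
    trusted = false;
  }
  if (!trusted) features.set('location', 'yes');
  return serializeFeatures(features);
}

// In a Cordova app with cordova-plugin-inappbrowser installed:
function openGuarded(url, requested) {
  return cordova.InAppBrowser.open(url, '_blank', safeFeatures(url, requested));
}
```

This checks only the URL the window is opened with, so it does not cover a page that later navigates to another origin inside the same window.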