Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Connect SDK] Support http/https pop-ups #9640

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

[Connect SDK] Support http/https pop-ups #9640

wants to merge 4 commits into from
+43 −1

Conversation

simond-stripe
Copy link
Collaborator

Summary

http/https pop-ups are opened in a chrome custom tab and other pop-ups are unsupported.

Motivation

Certain embedded components rely on pop-ups for some functionality (ex. showing the user Stripe's privacy policy)

Testing

  • Added tests
  • Modified tests
  • Manually verified

Screenshots

demo-1731711260.mp4

@simond-stripe simond-stripe requested a review from a team as a code owner November 15, 2024 22:59
simond-stripe
simond-stripe commented Nov 15, 2024
View reviewed changes
connect-example/src/main/java/com/stripe/android/connect/example/data/SettingsService.kt
@@ -42,7 +42,7 @@ class SettingsService @Inject constructor(@ApplicationContext context: Context)
fun getAppearanceIdFlow(): Flow<AppearanceInfo.AppearanceId?> {
return observePref(APPEARANCE_ID_KEY) { prefs, key ->
val appearanceId = prefs.getString(key, null) ?: return@observePref null
AppearanceInfo.AppearanceId.valueOf(appearanceId)
AppearanceInfo.AppearanceId.entries.firstOrNull { it.name == appearanceId }
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👀 this fixes a crash if any appearance id's change and can't be found anymore (something I ran into myself)

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Nov 15, 2024
edited
Loading

Diffuse output:

OLD: identity-example-release-base.apk (signature: V1, V2)
NEW: identity-example-release-pr.apk (signature: V1, V2)

          │          compressed          │         uncompressed         
          ├───────────┬───────────┬──────┼───────────┬───────────┬──────
 APK      │ old       │ new       │ diff │ old       │ new       │ diff 
──────────┼───────────┼───────────┼──────┼───────────┼───────────┼──────
      dex │     2 MiB │     2 MiB │  0 B │   4.1 MiB │   4.1 MiB │  0 B 
     arsc │     1 MiB │     1 MiB │  0 B │     1 MiB │     1 MiB │  0 B 
 manifest │   2.3 KiB │   2.3 KiB │  0 B │     8 KiB │     8 KiB │  0 B 
      res │ 301.8 KiB │ 301.8 KiB │  0 B │ 455.5 KiB │ 455.5 KiB │  0 B 
   native │   6.2 MiB │   6.2 MiB │  0 B │  15.8 MiB │  15.8 MiB │  0 B 
    asset │   7.1 KiB │   7.1 KiB │  0 B │   6.9 KiB │   6.9 KiB │  0 B 
    other │  90.2 KiB │  90.2 KiB │ +5 B │ 170.3 KiB │ 170.3 KiB │  0 B 
──────────┼───────────┼───────────┼──────┼───────────┼───────────┼──────
    total │   9.6 MiB │   9.6 MiB │ +5 B │  21.5 MiB │  21.5 MiB │  0 B 

 DEX     │ old   │ new   │ diff      
─────────┼───────┼───────┼───────────
   files │     1 │     1 │ 0         
 strings │ 19966 │ 19966 │ 0 (+0 -0) 
   types │  6188 │  6188 │ 0 (+0 -0) 
 classes │  4979 │  4979 │ 0 (+0 -0) 
 methods │ 29759 │ 29759 │ 0 (+0 -0) 
  fields │ 17526 │ 17526 │ 0 (+0 -0) 

 ARSC    │ old  │ new  │ diff 
─────────┼──────┼──────┼──────
 configs │  164 │  164 │  0   
 entries │ 3622 │ 3622 │  0
APK 
   compressed    │   uncompressed   │                                           
──────────┬──────┼───────────┬──────┤                                           
 size     │ diff │ size      │ diff │ path                                      
──────────┼──────┼───────────┼──────┼───────────────────────────────────────────
 28.5 KiB │ +5 B │  62.9 KiB │  0 B │ ∆ META-INF/CERT.SF                        
  1.2 KiB │ -3 B │   1.2 KiB │  0 B │ ∆ META-INF/CERT.RSA                       
    271 B │ +2 B │     120 B │  0 B │ ∆ META-INF/version-control-info.textproto 
 25.3 KiB │ +1 B │  62.8 KiB │  0 B │ ∆ META-INF/MANIFEST.MF                    
──────────┼──────┼───────────┼──────┼───────────────────────────────────────────
 55.2 KiB │ +5 B │ 127.1 KiB │  0 B │ (total)

mludowise-stripe
mludowise-stripe requested changes Nov 15, 2024
View reviewed changes
Copy link

@mludowise-stripe mludowise-stripe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changes generally lgtm, but I think

  1. We should add some test coverage for the various cases (mailto, http, https, allow-listed, non-allowlisted)
  2. Please add a link to the PR description with the jira ticket for papertrail purposes 😄

connect/src/main/java/com/stripe/android/connect/webview/StripeConnectWebViewClient.kt
view ?: return false // the view shouldn't be null, but if it is then don't handle the request
val url = request?.url ?: return false // if the request isn't for a url, then don't handle it
return if (url.host in ALLOWLISTED_HOSTS) {
logger.warning("(StripeConnectWebViewClient) Received pop-up for allow-listed host: $url")
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this a warning because we don't expect getting any of these given that messaging between windows on Android isn't supported? If this is the case, we should add a TODO here to add an analytic so we can setup alerts for it.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was going off of this in the spec: If host is allowlisted (connect.stripe.com or connect-js.stripe.com), print warning (stub out todo to log analytic error) because this isn't supported

Is that still accurate @mludowise-stripe? 👍 on adding an analytic here

connect/src/main/java/com/stripe/android/connect/webview/StripeConnectWebViewClient.kt
Comment on lines +59 to +60
logger.debug("(StripeConnectWebViewClient) Received unsupported pop-up request: $url")
true // block the request as it's unsupported
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this getting handled in MXMOBILE-2914? If so, should we add a TODO for it?

We have legitimate use cases for mailto urls, so we will need to handle this. A TODO would help clarify we're planning to do this in a followup PR 😄

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, good call

connect/src/main/java/com/stripe/android/connect/webview/StripeWebChromeClient.kt
Comment on lines +7 to +12
* A [WebChromeClient] that provides additional functionality for Stripe Connect Embedded Component WebViews.
*
* This class is currently empty, but it could be used to add additional functionality in the future
* Setting a [WebChromeClient] (even an empty one) is necessary for certain functionality, like
* [WebViewClient.shouldOverrideUrlLoading] to work properly.
*/
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@mludowise-stripe
Copy link

@simond-stripe here are the equivalent test cases on iOS:
https://github.com/stripe/stripe-ios/blob/4308bf5e/StripeConnect/StripeConnectTests/Internal/Webview/ConnectWebViewControllerTests.swift#L59-L146

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mludowise-stripe mludowise-stripe mludowise-stripe requested changes

@lng-stripe lng-stripe Awaiting requested review from lng-stripe

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@simond-stripe @mludowise-stripe