Ionic ios mobile app with Angularfire integration would open up Safari app and would point to "firebase project webpage"

amjadyahya · November 18, 2020, 6:02pm

When developing an Ionic app with Angularfire integration and then deploying and running on an iPhone device, the app would often open the Safari app then show the Firebase project webpage with this url: https://app-project-name.firebaseapp.com.

This is defiantly a bad user experience and a potential security risk as it exposes to any attacker the real firebase project url.

Development Environment:

Angular/core: 10.0.0
Firebase: ^7.23.0
AngularFire:^6.0.3
Ionic: 5.0.0
Cordova-ios: ^6.1.1
Node: 10.15.3
Operating system: MacOS: 10.14.6
Xcode: 11.3
iPhone: 7 with iOS version 13.3.1

Steps to set up and reproduce

Create and ionic/angular project.

Integrate Angularfire in app.module.ts

Add Auth angularfire functionality.

Build for iOS and run on a physical device, upon running, the app would open Safari and point to your project’s firebase url.

tlosbar · November 19, 2020, 11:29am

I have the same issue since few months…
I noticed this happens only for smartphone iOS and never happens on iPad.

Can you open an issue directly in the GitHub repo, please ?

amjadyahya · November 19, 2020, 12:33pm

Apparently, this does not seem like an Ionic issue. This looks like a Firebase issue, so it wont help if I opened an issue on Ionic github. I have posted here hoping that someone with the same issue figured this out.

I already have opened an issue in Angularfire GitHub repo (https://github.com/angular/angularfire/issues/2641), but it was closed because “there are other issues and solutions to this going around & it’s not specific to AngularFire”.

Anyone has or can direct us to a solution?

tlosbar · November 19, 2020, 12:46pm

@amjadyahya exploring the web I finally found an issue in cordova… It seams to be related to cordova-ios >6.0 .

See the link bellow :

We have to downgrade the version to cordova-ios or whitelist some urls

amjadyahya · November 19, 2020, 12:52pm

I’m looking right now at this github issue, but could not figure out what to whitelist.
Does downgrading cordova-ios to 5.x.x affect the WKWebView requirement? coz cordova-ios@^6.0.0 is also affected.

tlosbar · November 19, 2020, 1:22pm

Me neither… but there is a pull request : https://github.com/apache/cordova-ios/pull/1023/commits/7dd26bf5a77f8721c66b98ce6666d29f774a7e17 .

I copied the code directly in /node_modules/cordova-ios/CordovaLib/Classes/Private/Plugins/CDVIntentAndNavigationFilter/CDVIntentAndNavigationFilter.m

Clean and restart my project by executing this code below

rm -rf platforms plugins www
ionic cordova platform add iOS
ionic cordova prepare ios

And it seems to work for me with the 6.1.1.
I hope they will adopt directly this PR into the next upgrade of cordova-ios 6.1.2 because I’m afraid about downgrading my project and have a lot of other issues…

amjadyahya · November 19, 2020, 1:40pm

Perfect, thanks a lot.