I am building a web browser using electron but I only want to store the cookies and not allow websites to use any web storage. I know that electron provides ses.clearStorageData to clear the storage data but I want some way to disable the local storage while the app is running.
Related
I have made a React-based Chrome extension for language learners. I would like to add features that will require a backend server and unique user sessions which I am creating.
The server will be a ruby on rails application. Normal session management with rails apps involves the browser sending back the session cookie when requests are made to a specific domain.
However, my client "app" is now an extension that is not accessing my site directly. I'm unsure of the specifics of how to maintain sessions that correspond to my backend server through the extension.
This is what I think so far:
Client signs in via a form on the extension
The backend responds with a session key of some kind
The extension saves the key in localstorage or maybe a cookie?
On subsequent page loads, the extension load script re-validates the session cookie in some way by sending it back to the server?
I will likely use Devise for log-in on the back-end server, but I'm not sure how to integrate the flow I need with that tool that usually used for standard client-server interactions.
I'm doing research for a new Slack app that will require the admin adding the app to paste an API token and request url for the third-party API which the app will call. I can't find anywhere in the Slack API docs to store these settings on an app-wide basis. Can this be done via environment variables of some type?
Slack Apps don't really store settings like that. You would need to persist them in a data store of your choice, like MySQL, Dynamo etc and access them from your code.
I have a website which uses an identity server to authenticate a user, though OIDC, I think. Inside the Xamarin Forms application, I have a facility to log in a user through an identity server via a token.
The website itself uses cookies to handle access tokens which difference to the application. (Note: the website was not written by me). I have so many features to write, so I decided to use WebView to handle those features using React, etc., so I don't need to rewrite the code in native and easy to manage at runtime when people using the application.
What is the logic behind having the mobile application log into the authorized page silently without the user needing to authenticate within the WebView?
Is it possible to handle this scenario?
On Android you can use the CookieManager to add/remove cookies that your private instance of Webview will use.
On iOS, UIWebView has NSHTTPCookieStorage and on the newer WKWebView (11+) you have WKHTTPCookieStore
Usually when I build a new website I create a .NET or PHP website. These website either connect to a MySQL DB or an external API. To do this I can securely store my credentials to these services and the back end will authenticate to them. Now since I want to build a Progressive Web App which is front-end only, how can I securely auth to these? Does my PWA have to have a login page that returns an API key that is dynamic? Thanks
Progressive Web App (PWA) is not front-end only. You can see the definition and the PWA Baseline too clearly understand what makes a PWA.
The problem you have mention is authentication on Single Page Web apps (which is front-end only). Here is the first article from Google with keyword "Single page web app authentication".
Token Based Authentication for Single Page Apps
I'm working on a cross-platform wxWidgets-based application that uses a WebView for a web-based OAuth login to a web site. The web site's OAuth login process uses cookies to cache a login token once authenticated, so that you can go through the process again to get another OAuth token if necessary without the user having to enter their credentials again. The WebView backend implementation wxWEBVIEW_WEBKIT that I'm using in the macOS version of the app preserves cookies between restarts of my app and even reboots of the OS. This makes it difficult to test the login process.
Where is the WebView backend persisting these cookies? How would I go about clearing them?
I've already tried clearing the cookies in Safari to no avail, and I removed all of the obvious cache files I saw in the app's file accesses as captured by opensnoop, but the cached login is still present.
Per a response on the wx-users list, wxWEBVIEW_WEBKIT is implemented using a simple macOS WebView.
As noted in How can I remove cookies stored by WebView in Cocoa application?, in macOS 10.11 (El Capitan) and later, each application's WebViews have their own cookie storage and do not have access to each others' cookies.
I did not find a way to manually clear my application's cookies; I tried removing the relevant *.binarycookies file from ~/Library/Cookies but that had no effect. It's still unclear to me where the cookies are stored.
However I was able to delete the cookies programmatically using the NSHTTPCookieStorage API, following the code snippet in https://stackoverflow.com/a/8486398/60422. I ended up just adding a menu item for this to my application to clear the cookies that I only use for manual testing purposes.