From 572502f17e2f386a16b5d6611c5ac3e57d39923b Mon Sep 17 00:00:00 2001
From: Niklas Merz <niklasmerz@apache.org>
Date: Wed, 14 Jul 2021 15:29:15 +0200
Subject: [PATCH] fix: add WebViewAssetloader to default allow list (#1275)

---
 framework/src/org/apache/cordova/AllowListPlugin.java | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/framework/src/org/apache/cordova/AllowListPlugin.java b/framework/src/org/apache/cordova/AllowListPlugin.java
index 7b2e7873b7..3333180745 100644
--- a/framework/src/org/apache/cordova/AllowListPlugin.java
+++ b/framework/src/org/apache/cordova/AllowListPlugin.java
@@ -23,6 +23,7 @@ Licensed to the Apache Software Foundation (ASF) under one
 import org.apache.cordova.ConfigXmlParser;
 import org.apache.cordova.LOG;
 import org.apache.cordova.AllowList;
+import org.apache.cordova.CordovaPreferences;
 import org.xmlpull.v1.XmlPullParser;
 
 import android.content.Context;
@@ -73,12 +74,19 @@ public void pluginInitialize() {
     }
 
     private class CustomConfigXmlParser extends ConfigXmlParser {
+        private CordovaPreferences prefs = new CordovaPreferences();
+
         @Override
         public void handleStartTag(XmlPullParser xml) {
             String strNode = xml.getName();
             if (strNode.equals("content")) {
                 String startPage = xml.getAttributeValue(null, "src");
                 allowedNavigations.addAllowListEntry(startPage, false);
+
+                // Allow origin for WebViewAssetLoader
+                if (!this.prefs.getBoolean("AndroidInsecureFileModeEnabled", false)) {
+                    allowedNavigations.addAllowListEntry("https://" + this.prefs.getString("hostname", "localhost"), false);
+                }
             } else if (strNode.equals("allow-navigation")) {
                 String origin = xml.getAttributeValue(null, "href");
                 if ("*".equals(origin)) {