@capgo/inappbrowser 8.1.18 → 8.1.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/README.md +95 -0
  2. package/android/src/main/java/ee/forgr/capacitor_inappbrowser/InAppBrowserPlugin.java +88 -1
  3. package/android/src/main/java/ee/forgr/capacitor_inappbrowser/Options.java +27 -0
  4. package/android/src/main/java/ee/forgr/capacitor_inappbrowser/WebViewDialog.java +41 -3
  5. package/dist/docs.json +126 -0
  6. package/dist/esm/definitions.d.ts +111 -0
  7. package/dist/esm/definitions.js.map +1 -1
  8. package/dist/esm/web.d.ts +2 -1
  9. package/dist/esm/web.js +33 -0
  10. package/dist/esm/web.js.map +1 -1
  11. package/dist/plugin.cjs.js +33 -0
  12. package/dist/plugin.cjs.js.map +1 -1
  13. package/dist/plugin.js +33 -0
  14. package/dist/plugin.js.map +1 -1
  15. package/ios/Sources/InAppBrowserPlugin/InAppBrowserPlugin.swift +83 -4
  16. package/ios/Sources/InAppBrowserPlugin/WKWebViewController.swift +28 -7
  17. package/package.json +1 -1
package/README.md CHANGED
@@ -94,6 +94,24 @@ InAppBrowser.openWebView({
94
94
 
95
95
  Web platform is not supported. Use `window.open` instead.
96
96
 
97
+ ### Open WebView in Full Screen Mode
98
+
99
+ To open the webview in true full screen mode (content extends behind the status bar), set `enabledSafeTopMargin` to `false`:
100
+
101
+ ```js
102
+ import { InAppBrowser } from '@capgo/inappbrowser'
103
+
104
+ InAppBrowser.openWebView({
105
+ url: "YOUR_URL",
106
+ enabledSafeTopMargin: false // Disables safe area at top, allows full screen
107
+ });
108
+ ```
109
+
110
+ This option works independently of the toolbar type:
111
+ - **iOS**: The webview extends behind the status bar, providing true edge-to-edge content
112
+ - **Android**: The top margin is disabled, allowing content to fill the entire screen
113
+
114
+ Perfect for immersive experiences like video players, games, or full-screen web applications. Can be combined with any `toolbarType` setting.
97
115
 
98
116
  ### Test app and code:
99
117
 
@@ -236,6 +254,7 @@ window.mobileApp.close();
236
254
  * [`removeAllListeners()`](#removealllisteners)
237
255
  * [`reload(...)`](#reload)
238
256
  * [`updateDimensions(...)`](#updatedimensions)
257
+ * [`openSecureWindow(...)`](#opensecurewindow)
239
258
  * [Interfaces](#interfaces)
240
259
  * [Type Aliases](#type-aliases)
241
260
  * [Enums](#enums)
@@ -665,6 +684,63 @@ When `id` is omitted, targets the active webview.
665
684
  --------------------
666
685
 
667
686
 
687
+ ### openSecureWindow(...)
688
+
689
+ ```typescript
690
+ openSecureWindow(options: OpenSecureWindowOptions) => Promise<OpenSecureWindowResponse>
691
+ ```
692
+
693
+ Opens a secured window for OAuth2 authentication.
694
+ For web, you should have the code in the redirected page to use a broadcast channel to send the redirected url to the app
695
+ Something like:
696
+ ```html
697
+ &lt;html&gt;
698
+ &lt;head&gt;&lt;/head&gt;
699
+ &lt;body&gt;
700
+ &lt;script&gt;
701
+ const searchParams = new URLSearchParams(location.search)
702
+ if (searchParams.has("code")) {
703
+ new BroadcastChannel("my-channel-name").postMessage(location.href);
704
+ window.close();
705
+ }
706
+ &lt;/script&gt;
707
+ &lt;/body&gt;
708
+ &lt;/html&gt;
709
+ ```
710
+ For mobile, you should have a redirect uri that opens the app, something like: `myapp://oauth_callback/`
711
+ And make sure to register it in the app's info.plist:
712
+ ```xml
713
+ &lt;key&gt;CFBundleURLTypes&lt;/key&gt;
714
+ &lt;array&gt;
715
+ &lt;dict&gt;
716
+ &lt;key&gt;CFBundleURLSchemes&lt;/key&gt;
717
+ &lt;array&gt;
718
+ &lt;string&gt;myapp&lt;/string&gt;
719
+ &lt;/array&gt;
720
+ &lt;/dict&gt;
721
+ &lt;/array&gt;
722
+ ```
723
+ And in the AndroidManifest.xml file:
724
+ ```xml
725
+ &lt;activity&gt;
726
+ &lt;intent-filter&gt;
727
+ &lt;action android:name="android.intent.action.VIEW" /&gt;
728
+ &lt;category android:name="android.intent.category.DEFAULT" /&gt;
729
+ &lt;category android:name="android.intent.category.BROWSABLE" /&gt;
730
+ &lt;data android:host="oauth_callback" android:scheme="myapp" /&gt;
731
+ &lt;/intent-filter&gt;
732
+ &lt;/activity&gt;
733
+ ```
734
+
735
+ | Param | Type | Description |
736
+ | ------------- | --------------------------------------------------------------------------- | ------------------------------------------- |
737
+ | **`options`** | <code><a href="#opensecurewindowoptions">OpenSecureWindowOptions</a></code> | - the options for the openSecureWindow call |
738
+
739
+ **Returns:** <code>Promise&lt;<a href="#opensecurewindowresponse">OpenSecureWindowResponse</a>&gt;</code>
740
+
741
+ --------------------
742
+
743
+
668
744
  ### Interfaces
669
745
 
670
746
 
@@ -717,6 +793,8 @@ When `id` is omitted, targets the active webview.
717
793
  | **`url`** | <code>string</code> | Target URL to load. | | 0.1.0 |
718
794
  | **`headers`** | <code><a href="#headers">Headers</a></code> | <a href="#headers">Headers</a> to send with the request. | | 0.1.0 |
719
795
  | **`credentials`** | <code><a href="#credentials">Credentials</a></code> | <a href="#credentials">Credentials</a> to send with the request and all subsequent requests for the same host. | | 6.1.0 |
796
+ | **`method`** | <code>string</code> | HTTP method to use for the initial request. **Optional parameter - defaults to GET if not specified.** Existing code that doesn't provide this parameter will continue to work unchanged with standard GET requests. When specified with 'POST', 'PUT', or 'PATCH' methods that support a body, you can also provide a `body` parameter with the request payload. **Platform Notes:** - iOS: Full support for all HTTP methods with headers - Android: Custom headers may not be sent with POST/PUT/PATCH requests due to WebView limitations | <code>"GET"</code> | 8.2.0 |
797
+ | **`body`** | <code>string</code> | HTTP body to send with the request when using POST, PUT, or other methods that support a body. Should be a string (use JSON.stringify for JSON data). **Optional parameter - only used when `method` is specified and supports a request body.** Omitting this parameter (or using GET method) results in standard behavior without a request body. | | 8.2.0 |
720
798
  | **`materialPicker`** | <code>boolean</code> | materialPicker: if true, uses Material Design theme for date and time pickers on Android. This improves the appearance of HTML date inputs to use modern Material Design UI instead of the old style pickers. | <code>false</code> | 7.4.1 |
721
799
  | **`jsInterface`** | | JavaScript Interface: The webview automatically injects a JavaScript interface providing: - `window.mobileApp.close()`: Closes the webview from JavaScript - `window.mobileApp.postMessage(obj)`: Sends a message to the app (listen via "messageFromWebview" event) - `window.mobileApp.hide()` / `window.mobileApp.show()` when allowWebViewJsVisibilityControl is true in CapacitorConfig | | 6.10.0 |
722
800
  | **`shareDisclaimer`** | <code><a href="#disclaimeroptions">DisclaimerOptions</a></code> | Share options for the webview. When provided, shows a disclaimer dialog before sharing content. This is useful for: - Warning users about sharing sensitive information - Getting user consent before sharing - Explaining what will be shared - Complying with privacy regulations Note: shareSubject is required when using shareDisclaimer | | 0.1.0 |
@@ -748,6 +826,7 @@ When `id` is omitted, targets the active webview.
748
826
  | **`preventDeeplink`** | <code>boolean</code> | preventDeeplink: if true, the deeplink will not be opened, if false the deeplink will be opened when clicked on the link. on IOS each schema need to be added to info.plist file under LSApplicationQueriesSchemes when false to make it work. | <code>false</code> | 0.1.0 |
749
827
  | **`authorizedAppLinks`** | <code>string[]</code> | List of base URLs whose hosts are treated as authorized App Links (Android) and Universal Links (iOS). - On both platforms, only HTTPS links whose host matches any entry in this list will attempt to open via the corresponding native application. - If the app is not installed or the system cannot handle the link, the URL will continue loading inside the in-app browser. - Matching is host-based (case-insensitive), ignoring the "www." prefix. - When `preventDeeplink` is enabled, all external handling is blocked regardless of this list. | <code>[]</code> | 7.12.0 |
750
828
  | **`enabledSafeBottomMargin`** | <code>boolean</code> | If true, the webView will not take the full height and will have a 20px margin at the bottom. This creates a safe margin area outside the browser view. | <code>false</code> | 7.13.0 |
829
+ | **`enabledSafeTopMargin`** | <code>boolean</code> | If false, the webView will extend behind the status bar for true full-screen immersive content. When true (default), respects the safe area at the top of the screen. Works independently of toolbarType - use for full-screen video players, games, or immersive web apps. | <code>true</code> | 8.2.0 |
751
830
  | **`useTopInset`** | <code>boolean</code> | When true, applies the system status bar inset as the WebView top margin on Android. Keeps the legacy 0px margin by default for apps that handle padding themselves. | <code>false</code> | |
752
831
  | **`enableGooglePaySupport`** | <code>boolean</code> | enableGooglePaySupport: if true, enables support for Google Pay popups and Payment Request API. This fixes OR_BIBED_15 errors by allowing popup windows and configuring Cross-Origin-Opener-Policy. Only enable this if you need Google Pay functionality as it allows popup windows. When enabled: - Allows popup windows for Google Pay authentication - Sets proper CORS headers for Payment Request API - Enables multiple window support in WebView - Configures secure context for payment processing | <code>false</code> | 7.13.0 |
753
832
  | **`blockedHosts`** | <code>string[]</code> | blockedHosts: List of host patterns that should be blocked from loading in the InAppBrowser's internal navigations. Any request inside WebView to a URL with a host matching any of these patterns will be blocked. Supports wildcard patterns like: - "*.example.com" to block all subdomains - "www.example.*" to block wildcard domain extensions | <code>[]</code> | 7.17.0 |
@@ -814,6 +893,22 @@ When `id` is omitted, targets the active webview.
814
893
  | **`y`** | <code>number</code> | Y position from the top edge in pixels |
815
894
 
816
895
 
896
+ #### OpenSecureWindowResponse
897
+
898
+ | Prop | Type | Description |
899
+ | ------------------- | ------------------- | --------------------------------------- |
900
+ | **`redirectedUri`** | <code>string</code> | The result of the openSecureWindow call |
901
+
902
+
903
+ #### OpenSecureWindowOptions
904
+
905
+ | Prop | Type | Description |
906
+ | -------------------------- | ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
907
+ | **`authEndpoint`** | <code>string</code> | The endpoint to open |
908
+ | **`redirectUri`** | <code>string</code> | The redirect URI to use for the openSecureWindow call. This will be checked to make sure it matches the redirect URI after the window finishes the redirection. |
909
+ | **`broadcastChannelName`** | <code>string</code> | The name of the broadcast channel to listen to, relevant only for web |
910
+
911
+
817
912
  ### Type Aliases
818
913
 
819
914
 
package/android/src/main/java/ee/forgr/capacitor_inappbrowser/InAppBrowserPlugin.java CHANGED
@@ -55,7 +55,7 @@ import org.json.JSONObject;
55
55
  )
56
56
  public class InAppBrowserPlugin extends Plugin implements WebViewDialog.PermissionHandler {
57
57
 
58
- private final String pluginVersion = "8.1.18";
58
+ private final String pluginVersion = "8.1.20";
59
59
 
60
60
  public static final String CUSTOM_TAB_PACKAGE_NAME = "com.android.chrome"; // Change when in stable
61
61
  private CustomTabsClient customTabsClient;
@@ -70,6 +70,9 @@ public class InAppBrowserPlugin extends Plugin implements WebViewDialog.Permissi
70
70
 
71
71
  private ActivityResultLauncher<Intent> fileChooserLauncher;
72
72
 
73
+ private PluginCall openSecureWindowSavedCall;
74
+ private String openSecureWindowRedirectUri;
75
+
73
76
  @Override
74
77
  public void load() {
75
78
  super.load();
@@ -621,6 +624,9 @@ public class InAppBrowserPlugin extends Plugin implements WebViewDialog.Permissi
621
624
  // Set enabledSafeBottomMargin option
622
625
  options.setEnabledSafeMargin(Boolean.TRUE.equals(call.getBoolean("enabledSafeBottomMargin", false)));
623
626
 
627
+ // Set enabledSafeTopMargin option (defaults to true for safe area)
628
+ options.setEnabledSafeTopMargin(call.getBoolean("enabledSafeTopMargin", true));
629
+
624
630
  // Use system top inset for WebView margin when explicitly enabled
625
631
  options.setUseTopInset(Boolean.TRUE.equals(call.getBoolean("useTopInset", false)));
626
632
 
@@ -767,6 +773,16 @@ public class InAppBrowserPlugin extends Plugin implements WebViewDialog.Permissi
767
773
  options.setAllowWebViewJsVisibilityControl(allowWebViewJsVisibilityControl);
768
774
  options.setInvisibilityMode(Options.InvisibilityMode.fromString(call.getString("invisibilityMode", "AWARE")));
769
775
 
776
+ // Set HTTP method and body if provided
777
+ String httpMethod = call.getString("method");
778
+ String httpBody = call.getString("body");
779
+ if (httpMethod != null) {
780
+ options.setHttpMethod(httpMethod);
781
+ }
782
+ if (httpBody != null) {
783
+ options.setHttpBody(httpBody);
784
+ }
785
+
770
786
  this.getActivity().runOnUiThread(
771
787
  new Runnable() {
772
788
  @Override
@@ -1094,6 +1110,11 @@ public class InAppBrowserPlugin extends Plugin implements WebViewDialog.Permissi
1094
1110
  if (!ok) {
1095
1111
  Log.e(getLogTag(), "Error binding to custom tabs service");
1096
1112
  }
1113
+ // If we have a saved call and user returned without callback, reject
1114
+ if (openSecureWindowSavedCall != null) {
1115
+ openSecureWindowSavedCall.reject("OAuth cancelled or no callback received");
1116
+ openSecureWindowSavedCall = null;
1117
+ }
1097
1118
  }
1098
1119
 
1099
1120
  protected void handleOnPause() {
@@ -1137,6 +1158,7 @@ public class InAppBrowserPlugin extends Plugin implements WebViewDialog.Permissi
1137
1158
  currentPermissionRequest = null;
1138
1159
  customTabsClient = null;
1139
1160
  currentSession = null;
1161
+ openSecureWindowSavedCall = null;
1140
1162
  super.handleOnDestroy();
1141
1163
  }
1142
1164
 
@@ -1184,4 +1206,69 @@ public class InAppBrowserPlugin extends Plugin implements WebViewDialog.Permissi
1184
1206
  }
1185
1207
  );
1186
1208
  }
1209
+
1210
+ @PluginMethod
1211
+ public void openSecureWindow(PluginCall call) {
1212
+ String authEndpoint = call.getString("authEndpoint");
1213
+
1214
+ if (authEndpoint == null || authEndpoint.isEmpty()) {
1215
+ call.reject("Auth endpoint is required");
1216
+ return;
1217
+ }
1218
+
1219
+ String redirectUri = call.getString("redirectUri");
1220
+ if (redirectUri == null || redirectUri.isEmpty()) {
1221
+ call.reject("Redirect URI is required");
1222
+ return;
1223
+ }
1224
+
1225
+ openSecureWindowSavedCall = call;
1226
+ openSecureWindowRedirectUri = redirectUri;
1227
+
1228
+ CustomTabsIntent.Builder builder = new CustomTabsIntent.Builder();
1229
+ builder.enableUrlBarHiding();
1230
+ builder.setShareState(CustomTabsIntent.SHARE_STATE_OFF);
1231
+ CustomTabsIntent customTabsIntent = builder.build();
1232
+ customTabsIntent.intent.setFlags(Intent.FLAG_ACTIVITY_NO_HISTORY | Intent.FLAG_ACTIVITY_CLEAR_TOP);
1233
+ customTabsIntent.intent.putExtra(CustomTabsIntent.EXTRA_ENABLE_INSTANT_APPS, false);
1234
+ customTabsIntent.intent.putExtra(CustomTabsIntent.EXTRA_DISABLE_BACKGROUND_INTERACTION, false);
1235
+ customTabsIntent.launchUrl(getActivity(), Uri.parse(authEndpoint));
1236
+ }
1237
+
1238
+ @Override
1239
+ protected void handleOnNewIntent(Intent intent) {
1240
+ super.handleOnNewIntent(intent);
1241
+
1242
+ if (intent == null || !Intent.ACTION_VIEW.equals(intent.getAction())) {
1243
+ return;
1244
+ }
1245
+
1246
+ Uri uri = intent.getData();
1247
+ if (uri == null) {
1248
+ return;
1249
+ }
1250
+
1251
+ if (openSecureWindowRedirectUri == null) {
1252
+ return;
1253
+ }
1254
+
1255
+ if (uri.getHost() == null || !uri.toString().startsWith(openSecureWindowRedirectUri)) {
1256
+ return;
1257
+ }
1258
+
1259
+ try {
1260
+ // Resolve the original call with the callback url
1261
+ if (openSecureWindowSavedCall != null) {
1262
+ final JSObject ret = new JSObject();
1263
+ ret.put("redirectedUri", uri.toString());
1264
+ openSecureWindowSavedCall.resolve(ret);
1265
+ openSecureWindowSavedCall = null;
1266
+ }
1267
+ } catch (Exception e) {
1268
+ if (openSecureWindowSavedCall != null) {
1269
+ openSecureWindowSavedCall.reject("Failed to process OAuth callback", e);
1270
+ openSecureWindowSavedCall = null;
1271
+ }
1272
+ }
1273
+ }
1187
1274
  }
package/android/src/main/java/ee/forgr/capacitor_inappbrowser/Options.java CHANGED
@@ -176,6 +176,7 @@ public class Options {
176
176
  private boolean preventDeeplink = false;
177
177
  private List<String> authorizedAppLinks = new ArrayList<>();
178
178
  private boolean enabledSafeBottomMargin = false;
179
+ private boolean enabledSafeTopMargin = true;
179
180
  private boolean useTopInset = false;
180
181
  private boolean enableGooglePaySupport = false;
181
182
  private List<String> blockedHosts = new ArrayList<>();
@@ -186,6 +187,8 @@ public class Options {
186
187
  private boolean hidden = false;
187
188
  private boolean allowWebViewJsVisibilityControl = false;
188
189
  private InvisibilityMode invisibilityMode = InvisibilityMode.AWARE;
190
+ private String httpMethod = null;
191
+ private String httpBody = null;
189
192
 
190
193
  public Integer getWidth() {
191
194
  return width;
@@ -243,6 +246,14 @@ public class Options {
243
246
  this.enabledSafeBottomMargin = enabledSafeBottomMargin;
244
247
  }
245
248
 
249
+ public boolean getEnabledSafeTopMargin() {
250
+ return enabledSafeTopMargin;
251
+ }
252
+
253
+ public void setEnabledSafeTopMargin(boolean enabledSafeTopMargin) {
254
+ this.enabledSafeTopMargin = enabledSafeTopMargin;
255
+ }
256
+
246
257
  public boolean getUseTopInset() {
247
258
  return useTopInset;
248
259
  }
@@ -527,4 +538,20 @@ public class Options {
527
538
  public void setInvisibilityMode(InvisibilityMode invisibilityMode) {
528
539
  this.invisibilityMode = invisibilityMode;
529
540
  }
541
+
542
+ public String getHttpMethod() {
543
+ return httpMethod;
544
+ }
545
+
546
+ public void setHttpMethod(String httpMethod) {
547
+ this.httpMethod = httpMethod;
548
+ }
549
+
550
+ public String getHttpBody() {
551
+ return httpBody;
552
+ }
553
+
554
+ public void setHttpBody(String httpBody) {
555
+ this.httpBody = httpBody;
556
+ }
530
557
  }
package/android/src/main/java/ee/forgr/capacitor_inappbrowser/WebViewDialog.java CHANGED
@@ -250,6 +250,19 @@ public class WebViewDialog extends Dialog {
250
250
  return _options != null && _options.getAllowWebViewJsVisibilityControl();
251
251
  }
252
252
 
253
+ /**
254
+ * Checks if the given HTTP method supports a request body.
255
+ * @param method The HTTP method to check
256
+ * @return true if the method supports a body (POST, PUT, PATCH), false otherwise
257
+ */
258
+ private boolean supportsRequestBody(String method) {
259
+ if (method == null) {
260
+ return false;
261
+ }
262
+ String upperMethod = method.toUpperCase();
263
+ return upperMethod.equals("POST") || upperMethod.equals("PUT") || upperMethod.equals("PATCH");
264
+ }
265
+
253
266
  public class PreShowScriptInterface {
254
267
 
255
268
  @JavascriptInterface
@@ -915,7 +928,30 @@ public class WebViewDialog extends Dialog {
915
928
  }
916
929
  }
917
930
 
918
- _webView.loadUrl(this._options.getUrl(), requestHeaders);
931
+ // Load URL with optional HTTP method and body
932
+ String httpMethod = _options.getHttpMethod();
933
+ String httpBody = _options.getHttpBody();
934
+
935
+ if (supportsRequestBody(httpMethod) && httpBody != null) {
936
+ // For POST/PUT/PATCH requests with body
937
+ // Note: Android WebView has limitations with custom headers on POST
938
+ // Headers may not be sent with the initial request when using postUrl
939
+ byte[] postData = httpBody.getBytes(StandardCharsets.UTF_8);
940
+ _webView.postUrl(this._options.getUrl(), postData);
941
+
942
+ // Log a warning if headers were provided, as they won't be sent with postUrl
943
+ if (!requestHeaders.isEmpty()) {
944
+ Log.w(
945
+ "InAppBrowser",
946
+ "Custom headers were provided but may not be sent with POST request. " +
947
+ "Android WebView's postUrl method has limited header support."
948
+ );
949
+ }
950
+ } else {
951
+ // For GET and other methods, use loadUrl with headers
952
+ _webView.loadUrl(this._options.getUrl(), requestHeaders);
953
+ }
954
+
919
955
  _webView.requestFocus();
920
956
  _webView.requestFocusFromTouch();
921
957
 
@@ -1181,8 +1217,10 @@ public class WebViewDialog extends Dialog {
1181
1217
  );
1182
1218
  int navBottom = _options.getEnabledSafeMargin() ? safeBottomInset : 0;
1183
1219
 
1184
- // Apply top inset only if useTopInset option is enabled or fallback to 0px
1185
- int navTop = _options.getUseTopInset() ? bars.top : 0;
1220
+ // Apply top inset based on enabledSafeTopMargin and useTopInset options
1221
+ // If enabledSafeTopMargin is false, force full screen (no top margin)
1222
+ // Otherwise, use useTopInset to determine if system inset should be applied
1223
+ int navTop = _options.getEnabledSafeTopMargin() && _options.getUseTopInset() ? bars.top : 0;
1186
1224
 
1187
1225
  // Avoid double-applying top inset; AppBar/status bar handled above on Android 15+
1188
1226
  mlp.topMargin = isAndroid15Plus ? 0 : navTop;
package/dist/docs.json CHANGED
@@ -514,6 +514,30 @@
514
514
  "DimensionOptions"
515
515
  ],
516
516
  "slug": "updatedimensions"
517
+ },
518
+ {
519
+ "name": "openSecureWindow",
520
+ "signature": "(options: OpenSecureWindowOptions) => Promise<OpenSecureWindowResponse>",
521
+ "parameters": [
522
+ {
523
+ "name": "options",
524
+ "docs": "- the options for the openSecureWindow call",
525
+ "type": "OpenSecureWindowOptions"
526
+ }
527
+ ],
528
+ "returns": "Promise<OpenSecureWindowResponse>",
529
+ "tags": [
530
+ {
531
+ "name": "param",
532
+ "text": "options - the options for the openSecureWindow call"
533
+ }
534
+ ],
535
+ "docs": "Opens a secured window for OAuth2 authentication.\nFor web, you should have the code in the redirected page to use a broadcast channel to send the redirected url to the app\nSomething like:\n```html\n<html>\n<head></head>\n<body>\n<script>\n const searchParams = new URLSearchParams(location.search)\n if (searchParams.has(\"code\")) {\n new BroadcastChannel(\"my-channel-name\").postMessage(location.href);\n window.close();\n }\n</script>\n</body>\n</html>\n```\nFor mobile, you should have a redirect uri that opens the app, something like: `myapp://oauth_callback/`\nAnd make sure to register it in the app's info.plist:\n```xml\n<key>CFBundleURLTypes</key>\n<array>\n <dict>\n <key>CFBundleURLSchemes</key>\n <array>\n <string>myapp</string>\n </array>\n </dict>\n</array>\n```\nAnd in the AndroidManifest.xml file:\n```xml\n<activity>\n <intent-filter>\n <action android:name=\"android.intent.action.VIEW\" />\n <category android:name=\"android.intent.category.DEFAULT\" />\n <category android:name=\"android.intent.category.BROWSABLE\" />\n <data android:host=\"oauth_callback\" android:scheme=\"myapp\" />\n </intent-filter>\n</activity>\n```",
536
+ "complexTypes": [
537
+ "OpenSecureWindowResponse",
538
+ "OpenSecureWindowOptions"
539
+ ],
540
+ "slug": "opensecurewindow"
517
541
  }
518
542
  ],
519
543
  "properties": []
@@ -727,6 +751,42 @@
727
751
  ],
728
752
  "type": "Credentials"
729
753
  },
754
+ {
755
+ "name": "method",
756
+ "tags": [
757
+ {
758
+ "text": "8.2.0",
759
+ "name": "since"
760
+ },
761
+ {
762
+ "text": "\"GET\"",
763
+ "name": "default"
764
+ },
765
+ {
766
+ "text": "method: \"POST\",\nbody: JSON.stringify({ token: \"auth-token\", data: \"value\" }),\nheaders: { \"Content-Type\": \"application/json\" }",
767
+ "name": "example"
768
+ }
769
+ ],
770
+ "docs": "HTTP method to use for the initial request.\n\n**Optional parameter - defaults to GET if not specified.**\nExisting code that doesn't provide this parameter will continue to work unchanged with standard GET requests.\n\nWhen specified with 'POST', 'PUT', or 'PATCH' methods that support a body,\nyou can also provide a `body` parameter with the request payload.\n\n**Platform Notes:**\n- iOS: Full support for all HTTP methods with headers\n- Android: Custom headers may not be sent with POST/PUT/PATCH requests due to WebView limitations",
771
+ "complexTypes": [],
772
+ "type": "string | undefined"
773
+ },
774
+ {
775
+ "name": "body",
776
+ "tags": [
777
+ {
778
+ "text": "8.2.0",
779
+ "name": "since"
780
+ },
781
+ {
782
+ "text": "method: \"POST\",\nbody: JSON.stringify({ username: \"user\", password: \"pass\" }),\nheaders: { \"Content-Type\": \"application/json\" }",
783
+ "name": "example"
784
+ }
785
+ ],
786
+ "docs": "HTTP body to send with the request when using POST, PUT, or other methods that support a body.\nShould be a string (use JSON.stringify for JSON data).\n\n**Optional parameter - only used when `method` is specified and supports a request body.**\nOmitting this parameter (or using GET method) results in standard behavior without a request body.",
787
+ "complexTypes": [],
788
+ "type": "string | undefined"
789
+ },
730
790
  {
731
791
  "name": "materialPicker",
732
792
  "tags": [
@@ -1273,6 +1333,26 @@
1273
1333
  "complexTypes": [],
1274
1334
  "type": "boolean | undefined"
1275
1335
  },
1336
+ {
1337
+ "name": "enabledSafeTopMargin",
1338
+ "tags": [
1339
+ {
1340
+ "text": "8.2.0",
1341
+ "name": "since"
1342
+ },
1343
+ {
1344
+ "text": "true",
1345
+ "name": "default"
1346
+ },
1347
+ {
1348
+ "text": "enabledSafeTopMargin: false // Full screen, extends behind status bar",
1349
+ "name": "example"
1350
+ }
1351
+ ],
1352
+ "docs": "If false, the webView will extend behind the status bar for true full-screen immersive content.\nWhen true (default), respects the safe area at the top of the screen.\nWorks independently of toolbarType - use for full-screen video players, games, or immersive web apps.",
1353
+ "complexTypes": [],
1354
+ "type": "boolean | undefined"
1355
+ },
1276
1356
  {
1277
1357
  "name": "useTopInset",
1278
1358
  "tags": [
@@ -1649,6 +1729,52 @@
1649
1729
  "type": "number | undefined"
1650
1730
  }
1651
1731
  ]
1732
+ },
1733
+ {
1734
+ "name": "OpenSecureWindowResponse",
1735
+ "slug": "opensecurewindowresponse",
1736
+ "docs": "",
1737
+ "tags": [],
1738
+ "methods": [],
1739
+ "properties": [
1740
+ {
1741
+ "name": "redirectedUri",
1742
+ "tags": [],
1743
+ "docs": "The result of the openSecureWindow call",
1744
+ "complexTypes": [],
1745
+ "type": "string"
1746
+ }
1747
+ ]
1748
+ },
1749
+ {
1750
+ "name": "OpenSecureWindowOptions",
1751
+ "slug": "opensecurewindowoptions",
1752
+ "docs": "",
1753
+ "tags": [],
1754
+ "methods": [],
1755
+ "properties": [
1756
+ {
1757
+ "name": "authEndpoint",
1758
+ "tags": [],
1759
+ "docs": "The endpoint to open",
1760
+ "complexTypes": [],
1761
+ "type": "string"
1762
+ },
1763
+ {
1764
+ "name": "redirectUri",
1765
+ "tags": [],
1766
+ "docs": "The redirect URI to use for the openSecureWindow call.\nThis will be checked to make sure it matches the redirect URI after the window finishes the redirection.",
1767
+ "complexTypes": [],
1768
+ "type": "string"
1769
+ },
1770
+ {
1771
+ "name": "broadcastChannelName",
1772
+ "tags": [],
1773
+ "docs": "The name of the broadcast channel to listen to, relevant only for web",
1774
+ "complexTypes": [],
1775
+ "type": "string | undefined"
1776
+ }
1777
+ ]
1652
1778
  }
1653
1779
  ],
1654
1780
  "enums": [