npm - @quiltt/react-native - Versions diffs - 3.6.7 → 3.6.9 - Mend

@quiltt/react-native 3.6.7 → 3.6.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/CHANGELOG.md +20 -0
package/README.md +2 -2
package/dist/index.cjs +21 -16
package/dist/index.js +21 -16
package/package.json +3 -3
package/src/components/QuilttConnector.tsx +21 -12
package/src/version.ts +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,25 @@
 # @quiltt/react-native
+## 3.6.9
+### Patch Changes
+- [#260](https://github.com/quiltt/quiltt-js/pull/260) [`6e80930`](https://github.com/quiltt/quiltt-js/commit/6e80930f84013f483e2c75fcb37a28dc4996dadc) Thanks [@zubairaziz](https://github.com/zubairaziz)! - Refactor QuilttConnector to remove URL allow list
+- Updated dependencies [[`6e80930`](https://github.com/quiltt/quiltt-js/commit/6e80930f84013f483e2c75fcb37a28dc4996dadc)]:
+  - @quiltt/core@3.6.9
+  - @quiltt/react@3.6.9
+## 3.6.8
+### Patch Changes
+- [#258](https://github.com/quiltt/quiltt-js/pull/258) [`dc97e95`](https://github.com/quiltt/quiltt-js/commit/dc97e95dfa73bc1ccf09add6af70e4f95a458fab) Thanks [@rubendinho](https://github.com/rubendinho)! - Add URLs to WebView allowList
+- Updated dependencies [[`dc97e95`](https://github.com/quiltt/quiltt-js/commit/dc97e95dfa73bc1ccf09add6af70e4f95a458fab)]:
+  - @quiltt/core@3.6.8
+  - @quiltt/react@3.6.8
 ## 3.6.7
 ### Patch Changes

package/README.md CHANGED Viewed

@@ -27,11 +27,11 @@ Launch the [Quiltt Connector](https://www.quiltt.dev/connector) in a webview.
 `@quiltt/react-native` does not include any navigation library, you might want to navigate to a new "page" when using QuilttConnector to get the best result.
-For simple usage of `react-navigation`, please see [App.tsx](examples/expo/App.tsx) and [ConnectorScreen.tsx](examples/expo/screens/ConnectorScreen.tsx).
+For simple usage of `react-navigation`, please see [App.tsx](../../examples/react-native-expo/App.tsx) and [ConnectorScreen.tsx](../../examples/react-native-expo/screens/ConnectorScreen.tsx).
 #### Example
-```typescript
+```tsx
 import { useState } from 'react'
 import { QuilttProvider } from '@quiltt/react'
 import { QuilttConnector } from '@quiltt/react-native'

package/dist/index.cjs CHANGED Viewed

@@ -11,7 +11,7 @@ var reactNative = require('react-native');
 var util = require('@honeybadger-io/core/build/src/util');
 // Generated by genversion.
-const version = '3.6.7';
+const version = '3.6.9';
 const AndroidSafeAreaView = ({ testId, children })=>/*#__PURE__*/ jsxRuntime.jsx(reactNative.SafeAreaView, {
         testID: testId,
@@ -319,25 +319,30 @@ const QuilttConnector = ({ testId, connectorId, connectionId, institution, oauth
         institution,
         session?.token
     ]);
-    // allowedListUrl & shouldRender ensure we are only rendering Quiltt, MX and Plaid content in Webview
-    // For other urls, we assume those are bank urls, which needs to be handle in external browser.
-    // TODO: Convert it to a list from Quiltt Server to prevent MX/ Plaid changes.
-    const allowedListUrl = react$1.useMemo(()=>[
-            'quiltt.app',
-            'quiltt.dev',
-            'moneydesktop.com',
-            'cdn.plaid.com',
-            'www.google.com'
-        ], []);
+    // urlAllowList & shouldRender ensure we are only rendering Quiltt, MX and Plaid content in Webview
+    // For other urls, we assume those are bank urls, which need to be handled in external browser.
+    // TODO: Need to regroup on this and figure out a better way to handle a URL allow list
+    // const urlAllowList = useMemo(
+    //   () => [
+    //     'quiltt.io',
+    //     'quiltt.app',
+    //     'quiltt.dev',
+    //     'moneydesktop.com',
+    //     'plaid.com',
+    //     'https://cdn.plaid.com/link',
+    //     'https://www.google.com/recaptcha',
+    //     'https://challenges.cloudflare.com',
+    //     'https://api.stripe.com',
+    //     'https://cdn.jsdelivr.net',
+    //     'https://auth0.com',
+    //   ],
+    //   []
+    // )
     const isQuilttEvent = react$1.useCallback((url)=>url.protocol === 'quilttconnector:', []);
     const shouldRender = react$1.useCallback((url)=>{
         if (isQuilttEvent(url)) return false;
-        if (url.protocol !== 'https:') {
-            return false;
-        }
-        return allowedListUrl.some((href)=>url.href.includes(href));
+        return url.protocol === 'https:';
     }, [
-        allowedListUrl,
         isQuilttEvent
     ]);
     const clearLocalStorage = ()=>{

package/dist/index.js CHANGED Viewed

@@ -10,7 +10,7 @@ import { StyleSheet, Platform, StatusBar, SafeAreaView, View, Text, Pressable, A
 import { generateStackTrace, makeBacktrace, getCauses } from '@honeybadger-io/core/build/src/util';
 // Generated by genversion.
-const version = '3.6.7';
+const version = '3.6.9';
 const AndroidSafeAreaView = ({ testId, children })=>/*#__PURE__*/ jsx(SafeAreaView, {
         testID: testId,
@@ -318,25 +318,30 @@ const QuilttConnector = ({ testId, connectorId, connectionId, institution, oauth
         institution,
         session?.token
     ]);
-    // allowedListUrl & shouldRender ensure we are only rendering Quiltt, MX and Plaid content in Webview
-    // For other urls, we assume those are bank urls, which needs to be handle in external browser.
-    // TODO: Convert it to a list from Quiltt Server to prevent MX/ Plaid changes.
-    const allowedListUrl = useMemo(()=>[
-            'quiltt.app',
-            'quiltt.dev',
-            'moneydesktop.com',
-            'cdn.plaid.com',
-            'www.google.com'
-        ], []);
+    // urlAllowList & shouldRender ensure we are only rendering Quiltt, MX and Plaid content in Webview
+    // For other urls, we assume those are bank urls, which need to be handled in external browser.
+    // TODO: Need to regroup on this and figure out a better way to handle a URL allow list
+    // const urlAllowList = useMemo(
+    //   () => [
+    //     'quiltt.io',
+    //     'quiltt.app',
+    //     'quiltt.dev',
+    //     'moneydesktop.com',
+    //     'plaid.com',
+    //     'https://cdn.plaid.com/link',
+    //     'https://www.google.com/recaptcha',
+    //     'https://challenges.cloudflare.com',
+    //     'https://api.stripe.com',
+    //     'https://cdn.jsdelivr.net',
+    //     'https://auth0.com',
+    //   ],
+    //   []
+    // )
     const isQuilttEvent = useCallback((url)=>url.protocol === 'quilttconnector:', []);
     const shouldRender = useCallback((url)=>{
         if (isQuilttEvent(url)) return false;
-        if (url.protocol !== 'https:') {
-            return false;
-        }
-        return allowedListUrl.some((href)=>url.href.includes(href));
+        return url.protocol === 'https:';
     }, [
-        allowedListUrl,
         isQuilttEvent
     ]);
     const clearLocalStorage = ()=>{

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@quiltt/react-native",
-  "version": "3.6.7",
+  "version": "3.6.9",
   "description": "React Native components for Quiltt Connector",
   "homepage": "https://github.com/quiltt/quiltt-js/tree/main/packages/react-native#readme",
   "repository": {
@@ -27,8 +27,8 @@
   ],
   "dependencies": {
     "@honeybadger-io/core": "6.6.0",
-    "@quiltt/core": "3.6.7",
-    "@quiltt/react": "3.6.7"
+    "@quiltt/core": "3.6.9",
+    "@quiltt/react": "3.6.9"
   },
   "devDependencies": {
     "@apollo/client": "3.9.9",

package/src/components/QuilttConnector.tsx CHANGED Viewed

@@ -86,25 +86,34 @@ const QuilttConnector = ({
     webViewRef.current?.injectJavaScript(script)
   }, [connectionId, connectorId, institution, session?.token])
-  // allowedListUrl & shouldRender ensure we are only rendering Quiltt, MX and Plaid content in Webview
-  // For other urls, we assume those are bank urls, which needs to be handle in external browser.
-  // TODO: Convert it to a list from Quiltt Server to prevent MX/ Plaid changes.
-  const allowedListUrl = useMemo(
-    () => ['quiltt.app', 'quiltt.dev', 'moneydesktop.com', 'cdn.plaid.com', 'www.google.com'],
-    []
-  )
+  // urlAllowList & shouldRender ensure we are only rendering Quiltt, MX and Plaid content in Webview
+  // For other urls, we assume those are bank urls, which need to be handled in external browser.
+  // TODO: Need to regroup on this and figure out a better way to handle a URL allow list
+  // const urlAllowList = useMemo(
+  //   () => [
+  //     'quiltt.io',
+  //     'quiltt.app',
+  //     'quiltt.dev',
+  //     'moneydesktop.com',
+  //     'plaid.com',
+  //     'https://cdn.plaid.com/link',
+  //     'https://www.google.com/recaptcha',
+  //     'https://challenges.cloudflare.com',
+  //     'https://api.stripe.com',
+  //     'https://cdn.jsdelivr.net',
+  //     'https://auth0.com',
+  //   ],
+  //   []
+  // )
   const isQuilttEvent = useCallback((url: URL) => url.protocol === 'quilttconnector:', [])
   const shouldRender = useCallback(
     (url: URL) => {
       if (isQuilttEvent(url)) return false
-      if (url.protocol !== 'https:') {
-        return false
-      }
-      return allowedListUrl.some((href) => url.href.includes(href))
+      return url.protocol === 'https:'
     },
-    [allowedListUrl, isQuilttEvent]
+    [isQuilttEvent]
   )
   const clearLocalStorage = () => {

package/src/version.ts CHANGED Viewed

@@ -1,2 +1,2 @@
 // Generated by genversion.
-export const version = '3.6.7'
+export const version = '3.6.9'