CA-6409: Add workaround for Google SSO #264
…ing to use Google SSO.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Reviewed by Cursor Bugbot for commit a7fcc3f. Configure here.
| public func didInitiateNavigation(_ navigation: NavigationItem, in webView: WKWebView) { | ||
| if let viewModel { | ||
| webView.customUserAgent = viewModel.customUserAgent(for: navigation.request.url) | ||
| } |
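Review bot: The if let viewModel guard has no else branch, so when viewModel is nil the web view keeps whatever customUserAgent an earlier navigation set. If that was the Safari string chosen for a Google sign-in URL, it would carry over to later, unrelated navigations. Consider assigning the default Topaz agent in an else branch, or making the view model non-optional at this call site, so the Safari agent is only ever applied by an explicit URL match.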
User agent set too late
Medium Severity
webView.customUserAgent is updated inside didInitiateNavigation, which runs from didStartProvisionalNavigation after the navigation request has already been sent. The main document load for that navigation therefore still uses the prior user agent, so direct loads of Google SSO URLs (and back/forward to them) may keep sending the Topaz agent on the request Google evaluates.
I tested it against Google SSO. Seems to work just fine.
Closing in favor of #266


Google SSO whitelists "secure browsers." We haven't got on this list yet, but still want users to be able to use Google SSO. This workaround temporarily switches the user agent to Safari if Topaz detects a user is attempting to sign in via Google SSO.
Note
Medium Risk
Touches authentication-related navigation and broad Google host/path heuristics; misclassification could send the wrong UA on unrelated Google pages or miss edge SSO URLs.
Overview
Adds a temporary Google SSO workaround by choosing the WKWebView user agent per URL instead of always sending the Topaz string. WebPageModel now keeps a default Topaz UA and a Safari-style UA, with customUserAgent(for:) returning the Safari string when usesGoogleCompatibleUserAgent matches juul.com Google OAuth entry, Google/YouTube account hosts, or common Google OAuth/sign-in URL patterns. Coordinator sets webView.customUserAgent from that helper on page updates and at the start of each navigation so redirects through Google still get the compatible agent.
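
The risk note above flags misclassification from broad host/path heuristics. The sketch below is an added example, not code from this PR: it shows a fail-closed per-URL user agent choice that parses the URL and compares the host exactly against an allowlist. The host list, the user agent strings and the name usesCompatibleUserAgent are assumptions, and customUserAgent(for:) here is a stand-in for the helper the PR describes.

```swift
import Foundation

// Placeholder UA strings; the project's real values are not shown on the page.
let defaultUserAgent = "Topaz/0.0 (placeholder)"
let safariStyleUserAgent = "Safari-style UA (placeholder)"

// Assumed allowlist of sign-in hosts, compared exactly after lowercasing.
let ssoHosts: Set<String> = ["accounts.google.com", "accounts.youtube.com"]

/// True only for https URLs, without embedded credentials, whose parsed host
/// is exactly on the allowlist. Substring checks on the raw URL string would
/// also match lookalike hosts and query parameters (see the samples below).
func usesCompatibleUserAgent(_ url: URL?) -> Bool {
    guard let url,
          let components = URLComponents(url: url, resolvingAgainstBaseURL: false),
          components.scheme?.lowercased() == "https",
          components.user == nil, components.password == nil,
          let host = components.host?.lowercased()
    else { return false }  // anything unparseable keeps the default agent
    return ssoHosts.contains(host)
}

/// Stand-in for the helper named in the PR description.
func customUserAgent(for url: URL?) -> String {
    usesCompatibleUserAgent(url) ? safariStyleUserAgent : defaultUserAgent
}

// Constructed sample URLs paired with the expected decision.
let samples: [(String, Bool)] = [
    ("https://accounts.google.com/o/oauth2/v2/auth?client_id=x", true),
    ("https://ACCOUNTS.GOOGLE.COM/signin", true),
    ("https://accounts.google.com.example.net/signin", false),        // lookalike suffix
    ("https://example.net/?next=accounts.google.com/signin", false),  // host only in query
    ("https://accounts.google.com@example.net/signin", false),        // host in userinfo
    ("http://accounts.google.com/signin", false),                     // not https
    ("https://www.google.com/search?q=oauth", false),                 // unrelated Google page
]

for (text, expected) in samples {
    let got = usesCompatibleUserAgent(URL(string: text))
    print(got == expected ? "ok  " : "FAIL", got, text)
}
```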