fix: route plugin API requests through native HTTP#1928
fix: route plugin API requests through native HTTP#1928Ebola-Chan-bot wants to merge 2 commits intoAcode-Foundation:mainfrom
Conversation
Work around the plugin API CORS mismatch seen in the Android WebView. The upstream API currently responds with Access-Control-Allow-Origin: https://localhost while the app runs from http://localhost, which causes fetch-based plugin requests to fail even though the API is reachable. Add helpers.requestJson() so remote JSON requests prefer cordova-plugin-advanced-http instead of a fetch fallback. For the plugin API workload the bridge overhead is negligible compared with network latency, while the native path avoids the WebView CORS policy mismatch entirely. Update checkAPIStatus() to use the shared helper, await the async API status check in the sidebar extension panel, encode plugin search queries, and route plugin list, search, explore, and filtered requests in both plugin entry points through the shared JSON helper.
Greptile SummarySummaryThis PR fixes a real CORS mismatch between the Acode WebView origin ( Key Changes
Technical ApproachThe CORS workaround is correct: the native HTTP path bypasses WebView CORS policies entirely and avoids the mismatch. All plugin list, search, explore, and filter calls in both The intentional hard-throw when native HTTP is unavailable (no fetch fallback) aligns with the design goal: this feature exists specifically to work around Android WebView CORS issues, not to provide a cross-platform plugin API transport. All call sites have appropriate error handling that degrades gracefully to user-facing error messages. Confidence Score: 4/5
Last reviewed commit: f6e5d52 |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Pull request overview
This PR routes plugin registry/API traffic through Cordova’s native HTTP layer to avoid Android WebView CORS issues caused by an upstream Access-Control-Allow-Origin mismatch.
Changes:
- Added a shared
helpers.requestJson()helper that performs JSON GETs viacordova-plugin-advanced-http, and updatedhelpers.checkAPIStatus()to use it. - Updated the Extensions sidebar panel to await the API status check, encode search queries, and route list/search/explore/filter requests through
helpers.requestJson(). - Updated the Plugins page to encode remote search queries and route list/filter/search requests through
helpers.requestJson().
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| src/utils/helpers.js | Adds a native-HTTP JSON helper and reworks API status checks to use it. |
| src/sidebarApps/extensions/index.js | Switches plugin registry fetches to the shared native JSON helper; fixes missing await and URL-encodes search queries. |
| src/pages/plugins/plugins.js | Switches plugin registry fetches to the shared native JSON helper and URL-encodes search queries. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Attach endpoint context to native HTTP JSON parsing failures so malformed 200 responses from the plugin API no longer surface as context-free SyntaxError exceptions. Restore actionable logging for remote plugin search failures by including both the query text and resolved search URL in the error path. Keep the plugin API transport strictly on the native HTTP path and document why fetch fallback is intentionally rejected in this codepath, since the WebView CORS mismatch is the bug this branch exists to avoid. Record the current npm lockfile state produced by the branch after dependency installation so the submodule remains internally consistent.
|
LGTM! but you are wrong regarding app runs on |
|
@greptileai review again |
|
@Ebola-Chan-bot Raunak (bajrangCoder) is correct about pointing out that the app runs on HTTPS. This can be found while inspecting the app with the Eruda console. Overall the code seems fine to me |
|
It has been confirmed that this bug was accidentally introduced by my debugging system. There is nothing that really needs to be fixed. Thank you and apologize for the interruption. |
Work around the plugin API CORS mismatch seen in the Android WebView. The upstream API currently responds with Access-Control-Allow-Origin: https://localhost while the app runs from http://localhost, which causes fetch-based plugin requests to fail even though the API is reachable.
Add helpers.requestJson() so remote JSON requests prefer cordova-plugin-advanced-http instead of a fetch fallback. For the plugin API workload the bridge overhead is negligible compared with network latency, while the native path avoids the WebView CORS policy mismatch entirely.
Update checkAPIStatus() to use the shared helper, await the async API status check in the sidebar extension panel, encode plugin search queries, and route plugin list, search, explore, and filtered requests in both plugin entry points through the shared JSON helper.