Security: WebView auth token domain validation, redirect race condition, and file:// URI removal

[Copilot]

Three security vulnerabilities identified in a codebase audit, ranging from auth token leakage to unintended file access via exported components.

Changes

OnlyOfficeActivity — URL domain validation before auth header attachment

The ****** was attached to any URL passed via intent extra, with no origin check. Added isUrlFromTrustedDomain() that enforces HTTPS and *.infomaniak.com host before building the Authorization header. Activity finishes immediately on failure.

if (!isUrlFromTrustedDomain(url)) {
    finish()
    return@with
}
val headers = mapOf("Authorization" to "******")

OnlyOfficeActivity — shouldOverrideUrlLoading race condition

popBackIfNeeded() calls finish() for out-of-pattern redirects, but view.loadUrl() was called unconditionally afterward — the rejected URL briefly loaded in the WebView. Now guarded with isFinishing.

popBackIfNeeded(redirectUrl)
if (!isFinishing) view.loadUrl(redirectUrl)

AndroidManifest.xml — Remove file:// scheme from PreviewPDFActivity

The exported PDF viewer accepted file:// URIs, bypassing ContentProvider access controls. Any app could craft an intent pointing at sensitive files on shared storage. Restricted to content:// only, which enforces proper URI permission grants.

---

📱 Kick off Copilot coding agent tasks wherever you are with GitHub Mobile, available on iOS and Android.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud