This value can be then accessed using expo-application getInstallReferrerAsync function.
Details
- Reviewers
bartek kamil ashoat - Commits
- rCOMM48e5d941cf3c: [native] Pass a referrer to Google Play
Delete Comm from an emulator. Click a link that opens the store. Run the app on that device. Log the referrer when the app is started - it should contain the secret.
Diff Detail
- Repository
- rCOMM Comm
- Branch
- invite2
- Lint
No Lint Coverage - Unit
No Test Coverage
Event Timeline
keyserver/src/keyserver.js | ||
---|---|---|
131 ↗ | (On Diff #24519) | I was thinking about some kind of sanitization here, but I don't think this is necessary. If a user receives a malicious link and clicks it, we don't have to be involved - the damage is already done. Also, the store url can be typed directly by the user, so it doesn't mean that we're redirecting to it. |
136 ↗ | (On Diff #24519) | My testing indicates that we can't put any value into the referrer field - it gets replaced by utm_source=google-play&utm_medium=organic. We can set some specific parts of referrer value https://developers.google.com/analytics/devguides/collection/android/v4/campaigns?hl=pl#campaign-params from which source looks the most relevant. So the value we put here is url-encoded utm_source=invite/${secret} |
keyserver/src/keyserver.js | ||
---|---|---|
136 ↗ | (On Diff #24519) | Should we call urlencode(secret)? |
keyserver/src/keyserver.js | ||
---|---|---|
136 ↗ | (On Diff #24519) |
|
keyserver/src/keyserver.js | ||
---|---|---|
136 ↗ | (On Diff #24519) | I think the solution might be to limit the possible set of secret characters to just alphanumeric. If we avoid % char, the secret should be in a state where decoding it doesn't change it. If this endpoint is called with secret containing special chars, we should avoid passing it as a referrer. |
Limit set of allowed chars in the secret.
Make code more readable by using encode function.
keyserver/src/keyserver.js | ||
---|---|---|
132 | This function keeps growing - in one of the next diffs I'm going to extract it to a separate place. |
keyserver/src/keyserver.js | ||
---|---|---|
132 | Thanks for preempting this diff comment! |