Conversation
…erriden at by another swizzle
…recovery and reswizzle
…cumentation - Refactored iOS interception to use +load swizzling to ensure hooks are installed before React Native RCTBridge initialization, preventing missing initialization races. - Added support to intercept dataTaskWithURL in iOS. - iOS now logs memory address pointers when nil/unrecognized delegates are encountered to assist debugging 3rd party interference. - Fixed React Native fetch() initialization race conditions on both iOS and Android where native request threads slept unnecessarily. Replaced with dynamic isInitialized checks and an explicit one-time developer warning. - Expanded ARCHITECTURE.md to cover Android OkHttp factory interception, interference by other SDKs, and the fetchWithApproov alternative. - Updated USAGE.md with critical warnings to await ApproovService.initialize() or use useApproov() hook before executing fetch.
…ws for resolving 3rd party SDK conflicts
…ialization Promise resolution
…idge method details
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 24 out of 25 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 24 out of 25 changed files in this pull request and generated 7 comments.
Comments suppressed due to low confidence (1)
ios/ApproovMockURLProtocol.m:163
startLoadingno longer extracts/uses themsgquery parameter (and doesn't use thecodefor the/errorpath). As a result, mock tasks created viacreateMockTaskForSession:withErrorCode:withMessage:will always fail with the hardcoded "doesn't support request body stream" message instead of the intended interceptor message. Parsemsgagain and use it (andcode) to build the NSError for/errorresponses so blocked/retry reasons propagate correctly.
// extract code value
NSInteger code = [queryStrings[@"code"] intValue];
// determine the response to be sent
id<NSURLProtocolClient> client = [self client];
if ([url.path isEqualToString:@"/status"]) {
// send a mock status code response
NSURLResponse *response = [[NSHTTPURLResponse alloc] initWithURL:url
statusCode:code
HTTPVersion:@"HTTP/1.1"
headerFields:@{}];
[client URLProtocol:self
didReceiveResponse:response
cacheStoragePolicy:NSURLCacheStorageNotAllowed];
[client URLProtocolDidFinishLoading:self];
} else {
// send an error response
NSError *error = ApproovRNError(
APPROOV_ERROR,
@"Approov: MockURLProtocol doesn't support request body stream");
[client URLProtocol:self didFailWithError:error];
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 24 out of 25 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
android/src/main/java/io/approov/reactnative/ApproovService.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 25 out of 26 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 25 out of 26 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…ix, URL validation, and input validation
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 25 out of 26 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| // extract code value | ||
| NSInteger code = [queryStrings[@"code"] intValue]; | ||
| NSString *msg = queryStrings[@"msg"]; | ||
|
|
||
| // determine the response to be sent |
There was a problem hiding this comment.
startLoading no longer reads the msg query parameter, but mock task URLs are still created with ...&msg=... (see createMockTaskForSession:*withMessage:). This means callers expecting the provided message to flow through the mock response/error will now always get the generic error text instead. Consider extracting msg here and using it as the response body for /status or as the NSError description for /error (or stop including msg in the generated mock URL if it’s intentionally unused).
Improved interception on iOS and a host of small fixes in the platform layers:
fix(ios): copy back all request properties from mutator, not just headers
fix(ios): use dynamic token header name in message signing gate check
fix: decouple setUseApproovStatusIfNoToken from network-risk blocking logic
fix(ios): honor custom mutator errors to allow blocking on NO_APPROOV_SERVICE
docs: refine setUseApproovStatusIfNoToken behavior and add missing bridge method details
docs: correct getPinningDiagnostics payload description for iOS
fix(android): add no-op addAllowedDelegate for cross-platform safety
fix(types): add explicit types for ApproovProvider and useApproov
fix(js): support async onInit in ApproovProvider and add mount guards
fix(ios): use thread-safe snapshot for header substitution lookup
fix: align NO_APPROOV_SERVICE behavior across platforms and docs
fix(ios): support message signing in fetchWithApproov
docs: update README.md to reflect supported RN version 0.76+
docs: correct addAllowedDelegate matching description in REFERENCE.md
Expose native logMessage to JS and trigger native output upon JS Initialization Promise resolution
Update CHANGELOG.md for 3.5.10 release
Update TROUBLESHOOTING.md with concrete developer integration workflows for resolving 3rd party SDK conflicts
Update REFERENCE.md to include setTraceIDHeader and getTraceIDHeader
Bump version to 3.5.10 and link ARCHITECTURE.md in README
Fortify network interception, initialization races, and expand SDK documentation
Add document explaining architecture for the ios service layer
Swizzle sessionWithConfiguration:delegate:delegateQueue: and support recovery and reswizzle
Redefine IMP CONFLICT as error level log
Add dataTaskWithURL swizzle; support detection for when our IMP is overridden by another swizzle