amir/claude-usage-widget
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 11 Wiki Activity

security: restrict network to system CAs, tighten WebView capabilities; v1.9

Browse Source 
- AndroidManifest: add networkSecurityConfig to explicitly trust only system
  CAs, preventing user-installed CA cert MITM attacks on claude.ai sessions
- LoginActivity: set javaScriptCanOpenWindowsAutomatically=false (not needed
  for claude.ai login) and databaseEnabled=false (deprecated WebSQL)
- build.gradle.kts: enable buildConfig generation (required for
  BuildConfig.DEBUG guards already used in UsageRepository)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Amir Khodak
2026-05-27 20:00:01 +00:00
parent ee68b11ad0
commit 6934017519
4 changed files with 14 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/src/main/AndroidManifest.xml
+1
View File
@@ -11,6 +11,7 @@
android:roundIcon="@mipmap/ic_launcher_round"
android:supportsRtl="true"
android:theme="@style/Theme.ClaudeUsage"
android:networkSecurityConfig="@xml/network_security_config"
android:usesCleartextTraffic="false">
<activity