Skip to content

chore(runway): cherry-pick fix: remove do you want to download file.bin alert on iOS cp-7.61.0#23452

Merged
Cal-L merged 1 commit intorelease/7.61.0from
runway-cherry-pick-7.61.0-1764366413
Dec 1, 2025
Merged

chore(runway): cherry-pick fix: remove do you want to download file.bin alert on iOS cp-7.61.0#23452
Cal-L merged 1 commit intorelease/7.61.0from
runway-cherry-pick-7.61.0-1764366413

Conversation

@runway-github
Copy link
Contributor

@runway-github runway-github bot commented Nov 28, 2025

Description

Remove "do you want to download file.bin" alert on iOS
PR for react-native-webview-mm:
MetaMask/react-native-webview-mm#74

Changelog

CHANGELOG entry: Fixed a bug where we prompt do you want to download
file.bin alert

Related issues

Fixes: #20359

Manual testing steps

Feature: remove do you want to download file.bin alert 

  Scenario: user not seeing the alert
    Given user navigates to browser tab

    When user navigates to sites like https://adtech.org/metamask-iframe-example/
    Then user should not see an alert that says "do you want to download file.bin"

Screenshots/Recordings

Before

Screenshot 2025-11-27 at 12 31 40 PM

After

Not showing the alert
iOS after

Can still download files

downloads

Pre-merge author checklist

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the
    app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described
    in the ticket it closes and includes the necessary testing evidence such
    as recordings and or screenshots.

Note

Suppresses generic iOS data-URL .bin download alerts and consolidates Android WebView permission prompts into a single confirmation with safer granting.

  • iOS (apple/RNCWebViewImpl.m):
    • downloadBase64File: infer file extension early; ignore .bin (application/octet-stream) data-URL downloads to avoid the "do you want to download File.bin" alert; add log.
  • Android (RNCWebChromeClient.java):
    • onPermissionRequest: reset state; aggregate already OS-granted permissions, show a single confirmation dialog (with combined labels), map selections to WebView resources, and either grant immediately or request remaining system permissions.
    • onRequestPermissionsResult flow: wrap grant in try/catch and ensure cleanup to avoid IllegalStateException.

Written by Cursor Bugbot for commit 0e62d5a. This will update automatically on new commits. Configure here.

6352721

…in alert on iOS cp-7.61.0 (#23383)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**
Remove "do you want to download file.bin" alert on iOS 
PR for react-native-webview-mm:
MetaMask/react-native-webview-mm#74

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: Fixed a bug where we prompt do you want to download
file.bin alert

## **Related issues**

Fixes: #20359

## **Manual testing steps**

```gherkin
Feature: remove do you want to download file.bin alert 

  Scenario: user not seeing the alert
    Given user navigates to browser tab

    When user navigates to sites like https://adtech.org/metamask-iframe-example/
    Then user should not see an alert that says "do you want to download file.bin"
```

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**
<img width="211" height="458" alt="Screenshot 2025-11-27 at 12 31 40 PM"
src="https://github.com/user-attachments/assets/0bfbd86f-1196-4320-b6f8-2dd499349437"
/>


### **After**
Not showing the alert
![iOS
after](https://github.com/user-attachments/assets/8b55ad4c-acf6-4de8-a303-215219d1b191)

Can still download files 

![downloads](https://github.com/user-attachments/assets/9c722df1-e6e6-4905-898c-e1775dce6915)

## **Pre-merge author checklist**

- [x] I’ve followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile
Coding
Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [x] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [x] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Suppresses the iOS "download File.bin" alert for data URLs and
consolidates Android WebView permission handling into a single dialog
with safer granting/cleanup.
> 
> - **iOS (RNCWebViewImpl)**:
> - Suppress downloads for `application/octet-stream` data URLs by
inferring extension early and ignoring `.bin`, preventing the "Do you
want to download File.bin" alert.
> - Minor refactor: compute `fileExtension` before decoding and reuse
it.
> - **Android (RNCWebChromeClient)**:
> - Rework permission flow: reset state, aggregate multiple permissions
into a single user prompt, map OS permissions to WebView resources, and
grant immediately when possible.
> - Add robust state cleanup and try/catch around `grant` to avoid
IllegalStateException; handle negative responses and pending system
permission requests correctly.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
59d75e8. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
@runway-github runway-github bot requested a review from a team as a code owner November 28, 2025 21:46
@github-actions
Copy link
Contributor

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@metamaskbot metamaskbot added the team-bots Bot team (for MetaMask Bot, Runway Bot, etc.) label Nov 28, 2025
@github-actions
Copy link
Contributor

🔍 Smart E2E Test Selection

  • Selected E2E tags: SmokeCore, SmokeWalletPlatform, SmokeRamps, SmokePerps, SmokeCard
  • Risk Level: medium
  • AI Confidence: 75%
click to see 🤖 AI reasoning details

This PR modifies the react-native-webview patch file, introducing changes to WebView behavior on both Android and iOS platforms:

Android Changes (Permission Handling):

  • Refactors the permission request system to consolidate multiple dialogs into a single dialog
  • Improves state management for granted permissions
  • Adds error handling with try-catch for IllegalStateException
  • Affects camera, microphone, and protected media permissions

iOS Changes (Download Handling):

  • Filters out generic binary (File.bin) downloads to prevent unwanted download prompts
  • Adds early detection of file extensions before processing downloads

Impact Assessment:
WebView is a critical component used throughout the app for:

  1. Browser/dApp interactions (BrowserTab.tsx) - Web3 connectivity and dApp browsing
  2. Snaps execution (SnapsExecutionWebView.tsx) - Running Snaps in isolated environments
  3. Ramps (WebviewModal) - Payment processing and KYC flows
  4. Card features (KYCWebview) - Card onboarding
  5. Trading/Perps (TradingViewChart) - Chart displays
  6. Simple webviews for various informational content

Selected Tags Rationale:

  • SmokeCore: Core WebView functionality affects app state, navigation, and fundamental operations
  • SmokeWalletPlatform: Browser and dApp interactions are core to wallet platform functionality
  • SmokeRamps: Ramps heavily rely on WebView for payment and KYC flows
  • SmokePerps: Perps use WebView for TradingView charts
  • SmokeCard: Card features use WebView for KYC processes

Risk Level: Medium
The changes touch native platform code (Java for Android, Objective-C for iOS) in a critical UI component. While the changes appear to be improvements (better permission UX, filtering unwanted downloads), they modify behavior that could affect user flows involving:

  • Permission requests for camera/microphone in dApps
  • File downloads in any WebView context
  • Dialog interactions and state management

The changes are not trivial patches but functional improvements that warrant testing in key areas that use WebView.

Confidence: 75%
I'm reasonably confident in this selection because:

  • I've identified the key areas using WebView through code analysis
  • The changes are isolated to WebView behavior but affect multiple features
  • The selected tags cover the primary use cases of WebView in the app
    However, there may be edge cases or additional WebView usage I haven't fully explored, and E2E tests may not specifically cover permission dialogs or download scenarios.

View GitHub Actions results

@codecov-commenter
Copy link

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (release/7.61.0@b6dddbc). Learn more about missing BASE report.

Additional details and impacted files
@@                Coverage Diff                @@
##             release/7.61.0   #23452   +/-   ##
=================================================
  Coverage                  ?   78.55%           
=================================================
  Files                     ?     4002           
  Lines                     ?   104225           
  Branches                  ?    20853           
=================================================
  Hits                      ?    81872           
  Misses                    ?    16656           
  Partials                  ?     5697           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@sonarqubecloud
Copy link

@Cal-L Cal-L merged commit 6a21ead into release/7.61.0 Dec 1, 2025
307 of 316 checks passed
@Cal-L Cal-L deleted the runway-cherry-pick-7.61.0-1764366413 branch December 1, 2025 18:22
@github-actions github-actions bot locked and limited conversation to collaborators Dec 1, 2025
@metamaskbot metamaskbot added the release-7.61.0 Issue or pull request that will be included in release 7.61.0 label Dec 1, 2025
@metamaskbot
Copy link
Collaborator

No release label on PR. Adding release label release-7.61.0 on PR, as PR was cherry-picked in branch 7.61.0.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

release-7.61.0 Issue or pull request that will be included in release 7.61.0 size-S team-bots Bot team (for MetaMask Bot, Runway Bot, etc.)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants