fix(vk): route the Wallet public-offer link out of the Mini App WebView #281
Reference in New Issue
Block a user
Delete Branch "feature/vk-offer-link-escape"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
The "Public offer" link in the Wallet (
Wallet.svelte) pointed at the same-origin static/offer/page with a plaintarget=_blankanchor and no click handler. The Android VK client ignorestarget=_blankand navigates its own WebView to the page, stranding the player with no way back to the game. iOS opens a child browser, so it was unaffected — matching the report.The existing
onExternalLinkClickrouter could not help: it escapes only cross-origin links (isExternalHttpUrlgate), and/offer/is same-origin — a static legal page, not an SPA route.Fix: add
onInAppPageLinkClick, which routes a same-origin, non-SPA page out through the host escape hatch (TelegramopenLink, VKaway.php) while deliberately bypassing the cross-origin gate, and attach it to the offer link. Outside a Mini App host it is a no-op and the anchor owntarget=_blankstands. On VK Android the offer now opens in the system browser — the same path the working "Look up in dictionary" link already uses.Audit of the other reported link points — both already correct, unchanged:
onExternalLinkClickon the container + external URLs → route fine.Tests: 3 regression cases in
links.test.ts(VK Android → away.php + preventDefault; Telegram → openLink; plain host → no-op). Localuigate green: vitest 649 passed, svelte-check 0 errors, vite build ok.Caveat: no live VK-host e2e harness — unit tests cover the routing logic; the real on-device "opens and returns" is verified on the contour.