Skip to content

Cap-go/capacitor-inappbrowser

BranchesTags

Repository files navigation

@capgo/inappbrowser

Capgo - Instant updates for capacitor

Capacitor plugin in app browser with urlChangeEvent, two way communication, camera and microphone usage, etc.

Why InAppBrowser?

The official Capacitor Browser plugin has strict security limitations that prevent advanced features. InAppBrowser removes these restrictions, enabling:

  • Two-way communication between your app and the browser
  • JavaScript injection for dynamic content manipulation
  • Camera and microphone access within the browser context
  • URL change monitoring for navigation tracking
  • Custom toolbars and UI for branded experiences
  • Cookie and cache management for session control
  • Custom sizes for extra control of the display position

Perfect for OAuth flows, embedded web apps, video calls, and any scenario requiring deep integration with web content.

Documentation

The most complete doc is available here: https://capgo.app/docs/plugins/inappbrowser/

Compatibility

Plugin version Capacitor compatibility Maintained
v8.*.* v8.*.*
v7.*.* v7.*.* On demand
v6.*.* v6.*.*
v5.*.* v5.*.*

Note: The major version of this plugin follows the major version of Capacitor. Use the version that matches your Capacitor installation (e.g., plugin v8 for Capacitor 8). Only the latest major version is actively maintained.

Install

npm install @capgo/inappbrowser
npx cap sync

Usage

import { InAppBrowser } from '@capgo/inappbrowser';

InAppBrowser.open({ url: 'YOUR_URL' });

Customize Chrome Custom Tab Appearance (Android)

The open() method launches a Chrome Custom Tab on Android. You can customize its appearance to blend with your app:

import { InAppBrowser } from '@capgo/inappbrowser';

InAppBrowser.open({
  url: 'https://example.com',
  toolbarColor: '#1A1A2E', // Match your app's theme
  showTitle: true, // Show page title instead of raw URL
  showArrow: true, // Back arrow instead of X close icon
  urlBarHidingEnabled: true, // Auto-hide URL bar on scroll
  disableShare: true, // Remove share from overflow menu
  disableBookmark: true, // Hide bookmark icon (undocumented, may break)
  disableDownload: true, // Hide download icon (undocumented, may break)
});

All CCT options are Android-only and safely ignored on iOS. See OpenOptions for full documentation.

Open WebView with Custom Dimensions

By default, the webview opens in fullscreen. You can set custom dimensions to control the size and position:

import { InAppBrowser } from '@capgo/inappbrowser';

// Open with custom dimensions (400x600 at position 50,100)
const { id } = await InAppBrowser.openWebView({
  url: 'YOUR_URL',
  width: 400,
  height: 600,
  x: 50,
  y: 100,
});

// Update dimensions at runtime
InAppBrowser.updateDimensions({
  id, // Optional, if omitted targets the active webview
  width: 500,
  height: 700,
  x: 100,
  y: 150,
});

Touch Passthrough: When custom dimensions are set (not fullscreen), touches outside the webview bounds will pass through to the underlying Capacitor webview, allowing the user to interact with your app in the exposed areas. This enables picture-in-picture style experiences where the InAppBrowser floats above your content.

Open WebView with Safe Margin

To create a webView with a 20px bottom margin (safe margin area outside the browser):

import { InAppBrowser } from '@capgo/inappbrowser';

InAppBrowser.openWebView({
  url: 'YOUR_URL',
  enabledSafeBottomMargin: true,
});

Web platform is not supported. Use window.open instead.

Open WebView in Full Screen Mode

To open the webview in true full screen mode (content extends behind the status bar), set enabledSafeTopMargin to false:

import { InAppBrowser } from '@capgo/inappbrowser';

InAppBrowser.openWebView({
  url: 'YOUR_URL',
  enabledSafeTopMargin: false, // Disables safe area at top, allows full screen
});

This option works independently of the toolbar type:

  • iOS: The webview extends behind the status bar, providing true edge-to-edge content
  • Android: The top margin is disabled, allowing content to fill the entire screen

Perfect for immersive experiences like video players, games, or full-screen web applications. Can be combined with any toolbarType setting.

Proxy examples

Important

Proxy handling changed substantially in 8.6.0. If you already rely on the older proxy flow, treat this as a breaking migration and retest your handlers before shipping. Existing proxy handlers are not assumed to be drop-in compatible just because the API name stayed the same.

  • Native-first matching now uses outboundProxyRules and inboundProxyRules.
  • JavaScript proxy handlers now receive a phase (outbound or inbound).
  • If you respond manually with handleProxyRequest(...), pass the same phase back to native.
  • Late replies without the original phase can now be ignored instead of mutating the wrong request stage.
  • proxyRequests: true and proxyRequests: "<regex>" remain legacy compatibility modes. Do not mix legacy mode with the new rule-based flow without retesting.
  • Existing proxy listeners that only key on URL/method and do not preserve phase are not drop-in compatible with the new flow.

Block one request natively

Use a native rule when you just want to stop a request without round-tripping through JavaScript:

import { InAppBrowser } from '@capgo/inappbrowser';

await InAppBrowser.openWebView({
  url: 'https://example.com',
  outboundProxyRules: [
    {
      urlRegex: '^https://www\\.google-analytics\\.com/.*',
      action: 'cancel',
    },
  ],
});

Stub one script from JavaScript

Use delegateToJs when you want native matching, but still want JavaScript to replace the response:

import { InAppBrowser, addProxyHandler } from '@capgo/inappbrowser';

const proxyHandle = await addProxyHandler(async (request) => {
  if (request.phase === 'inbound' && request.url.includes('connect.facebook.net')) {
    return new Response('window.FB = { init: () => {}, login: () => {}, getLoginStatus: () => {} };', {
      status: 200,
      headers: {
        'Content-Type': 'application/javascript; charset=utf-8',
      },
    });
  }

  return null;
});

await InAppBrowser.openWebView({
  url: 'https://www.grailed.com/users/sign_up',
  inboundProxyRules: [
    {
      urlRegex: '^https://connect\\.facebook\\.net/.*',
      action: 'delegateToJs',
    },
  ],
});

// Later, when you are done:
await proxyHandle.remove();

Rewrite an outbound API request in JavaScript

When a request must be modified before it leaves the webview, return a request override:

import { InAppBrowser, addProxyHandler } from '@capgo/inappbrowser';

const proxyHandle = await addProxyHandler(async (request) => {
  if (request.phase === 'outbound' && request.url.includes('/api/private')) {
    return {
      request: {
        url: request.url,
        headers: {
          ...request.headers,
          Authorization: 'Bearer MY_TOKEN',
          'X-Proxy-Debug': 'enabled',
        },
      },
    };
  }

  return null;
});

await InAppBrowser.openWebView({
  url: 'https://example.com/dashboard',
  outboundProxyRules: [
    {
      urlRegex: '^https://example\\.com/api/private.*',
      action: 'delegateToJs',
    },
  ],
});

// Later, when you are done:
await proxyHandle.remove();

Test app and code:

https://github.com/Cap-go/demo-app/blob/main/src/views/plugins/Web.vue

Camera usage

Android

Add the following to your AndroidManifest.xml file:

    <uses-permission android:name="android.permission.CAMERA" />
		<uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS" />
		<uses-permission android:name="android.permission.RECORD_AUDIO"/>

Then the permission will be asked when the camera is used.

iOS

Add the following to your Info.plist file:

<key>NSCameraUsageDescription</key>
<string>We need access to the camera to record audio.</string>

Microphone usage

Android

Add the following to your AndroidManifest.xml file:

<uses-permission android:name="android.permission.RECORD_AUDIO" />
<uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS" />

Then the permission will be asked when the microphone is used.

iOS

Add the following to your Info.plist file:

<key>NSMicrophoneUsageDescription</key>
<string>We need access to the microphone to record audio.</string>

Location usage

Android

Add the following to your AndroidManifest.xml file:

<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />

Then the permission will be asked when location is requested by a website in the webview.

iOS

Add the following to your Info.plist file:

<key>NSLocationWhenInUseUsageDescription</key>
<string>We need access to your location to provide location-based services.</string>

Two way communication

With this plugin you can send events from the main app to the inappbrowser and vice versa.

The data is sent as a JSON object, so no functions or other non-JSON-serializable types are allowed.

Main app to inappbrowser, detail object is mendatory

const { id } = await InAppBrowser.openWebView({ url: 'YOUR_URL' });
InAppBrowser.postMessage({ id, detail: { message: 'myMessage' } });
// Or broadcast to all open webviews
InAppBrowser.postMessage({ detail: { message: 'broadcast' } });

Receive event from native in the inappbrowser

window.addEventListener('messageFromNative', (event) => {
  console.log(event);
});

Send event from inappbrowser to main app, detail object is mendatory

window.mobileApp.postMessage({ detail: { message: 'myMessage' } });

Receive event from inappbrowser in the main app

InAppBrowser.addListener('messageFromWebview', (event) => {
  console.log(event.id, event.detail);
});

Close inappbrowser from inappbrowser itself

window.mobileApp.close();

Google Pay (Android)

To enable Google Pay inside the in-app browser on Android you must do all three of the following:

1. Enable the option when opening the browser

Pass enableGooglePaySupport: true in your openWebView call:

InAppBrowser.openWebView({
  url: 'https://your-checkout-page.example.com',
  enableGooglePaySupport: true,
});

2. Add Payment Request intent queries to your AndroidManifest.xml

Android 11+ enforces Package Visibility. Without these entries the WebView cannot discover Google Pay and the payment sheet will never appear.

Add the following inside the <manifest> tag of your app's AndroidManifest.xml (typically android/app/src/main/AndroidManifest.xml):

<queries>
  <!-- Required for Google Pay / Payment Request API in WebView -->
  <intent>
    <action android:name="org.chromium.intent.action.PAY" />
  </intent>
  <intent>
    <action android:name="org.chromium.intent.action.IS_READY_TO_PAY" />
  </intent>
  <intent>
    <action android:name="org.chromium.intent.action.UPDATE_PAYMENT_DETAILS" />
  </intent>
</queries>

3. Require WebView 120 or later

The W3C Payment Request API (used by Google Pay) requires Android WebView 120+. Devices running an older WebView version will not be able to complete Google Pay transactions. Most modern Android devices already meet this requirement.

API

goBack(...)

goBack(options?: { id?: string | undefined; } | undefined) => Promise<{ canGoBack: boolean; }>

Navigates back in the WebView's history if possible

Param Type
options { id?: string; }

Returns: Promise<{ canGoBack: boolean; }>

Since: 7.21.0

open(...)

open(options: OpenOptions) => Promise<any>

Open url in a new window fullscreen, on android it use chrome custom tabs, on ios it use SFSafariViewController

Param Type
options OpenOptions

Returns: Promise<any>

Since: 0.1.0

clearCookies(...)

clearCookies(options: ClearCookieOptions) => Promise<any>

Clear cookies of url When id is omitted, applies to all open webviews.

Param Type
options ClearCookieOptions

Returns: Promise<any>

Since: 0.5.0

clearAllCookies(...)

clearAllCookies(options?: { id?: string | undefined; } | undefined) => Promise<any>

Clear all cookies When id is omitted, applies to all open webviews.

Param Type
options { id?: string; }

Returns: Promise<any>

Since: 6.5.0

clearCache(...)

clearCache(options?: { id?: string | undefined; } | undefined) => Promise<any>

Clear cache When id is omitted, applies to all open webviews.

Param Type
options { id?: string; }

Returns: Promise<any>

Since: 6.5.0

getCookies(...)

getCookies(options: GetCookieOptions) => Promise<Record<string, string>>

Get cookies for a specific URL.

Param Type Description
options GetCookieOptions The options, including the URL to get cookies for.

Returns: Promise<Record<string, string>>

close(...)

close(options?: CloseWebviewOptions | undefined) => Promise<any>

Close the webview. When id is omitted, closes the active webview.

Param Type
options CloseWebviewOptions

Returns: Promise<any>

hide(...)

hide(options?: { id?: string | undefined; } | undefined) => Promise<void>

Hide the webview without closing it. Use show() to bring it back. When id is omitted, targets the active webview.

Param Type
options { id?: string; }

Since: 8.0.8

show(...)

show(options?: { id?: string | undefined; } | undefined) => Promise<void>

Show a previously hidden webview. When id is omitted, targets the active webview.

Param Type
options { id?: string; }

Since: 8.0.8

openWebView(...)

openWebView(options: OpenWebViewOptions) => Promise<{ id: string; }>

Open url in a new webview with toolbars, and enhanced capabilities, like camera access, file access, listen events, inject javascript, bi directional communication, etc.

JavaScript Interface: When you open a webview with this method, a JavaScript interface is automatically injected that provides:

  • window.mobileApp.close(): Closes the webview from JavaScript
  • window.mobileApp.postMessage({detail: {message: "myMessage"}}): Sends a message from the webview to the app, detail object is the data you want to send to the webview
  • window.mobileApp.takeScreenshot() when allowScreenshotsFromWebPage is true

Promise timing differs by platform when isPresentAfterPageLoad is used. Android resolves with { id } after the dialog is ready to control, while iOS resolves with { id } immediately after creating the native webview.

Param Type
options OpenWebViewOptions

Returns: Promise<{ id: string; }>

Since: 0.1.0

executeScript(...)

executeScript(options: { code: string; id?: string; }) => Promise<void>

Injects JavaScript code into the InAppBrowser window. When id is omitted, executes in all open webviews.

Param Type
options { code: string; id?: string; }

postMessage(...)

postMessage(options: { detail: Record<string, any>; id?: string; }) => Promise<void>

Sends an event to the webview(inappbrowser). you can listen to this event in the inappbrowser JS with window.addEventListener("messageFromNative", listenerFunc: (event: Record<string, any>) => void) detail is the data you want to send to the webview, it's a requirement of Capacitor we cannot send direct objects Your object has to be serializable to JSON, so no functions or other non-JSON-serializable types are allowed. When id is omitted, broadcasts to all open webviews.

Param Type
options { detail: Record<string, any>; id?: string; }

takeScreenshot(...)

takeScreenshot(options?: { id?: string | undefined; } | undefined) => Promise<ScreenshotResult>

Captures the current webview viewport as a PNG screenshot. When id is omitted, targets the active webview.

Param Type
options { id?: string; }

Returns: Promise<ScreenshotResult>

setUrl(...)

setUrl(options: { url: string; id?: string; }) => Promise<any>

Sets the URL of the webview. When id is omitted, targets the active webview.

Param Type
options { url: string; id?: string; }

Returns: Promise<any>

addListener('urlChangeEvent', ...)

addListener(eventName: 'urlChangeEvent', listenerFunc: UrlChangeListener) => Promise<PluginListenerHandle>

Listen for url change, only for openWebView

Param Type
eventName 'urlChangeEvent'
listenerFunc UrlChangeListener

Returns: Promise<PluginListenerHandle>

Since: 0.0.1

addListener('buttonNearDoneClick', ...)

addListener(eventName: 'buttonNearDoneClick', listenerFunc: ButtonNearListener) => Promise<PluginListenerHandle>
Param Type
eventName 'buttonNearDoneClick'
listenerFunc ButtonNearListener

Returns: Promise<PluginListenerHandle>

addListener('closeEvent', ...)

addListener(eventName: 'closeEvent', listenerFunc: UrlChangeListener) => Promise<PluginListenerHandle>

Listen for close click only for openWebView

Param Type
eventName 'closeEvent'
listenerFunc UrlChangeListener

Returns: Promise<PluginListenerHandle>

Since: 0.4.0

addListener('confirmBtnClicked', ...)

addListener(eventName: 'confirmBtnClicked', listenerFunc: ConfirmBtnListener) => Promise<PluginListenerHandle>

Will be triggered when user clicks on confirm button when disclaimer is required, works with openWebView shareDisclaimer and closeModal

Param Type
eventName 'confirmBtnClicked'
listenerFunc ConfirmBtnListener

Returns: Promise<PluginListenerHandle>

Since: 0.0.1

addListener('messageFromWebview', ...)

addListener(eventName: 'messageFromWebview', listenerFunc: (event: { id?: string; detail?: Record<string, any>; rawMessage?: string; }) => void) => Promise<PluginListenerHandle>

Will be triggered when event is sent from webview(inappbrowser), to send an event to the main app use window.mobileApp.postMessage({ "detail": { "message": "myMessage" } }) detail is the data you want to send to the main app, it's a requirement of Capacitor we cannot send direct objects Your object has to be serializable to JSON, no functions or other non-JSON-serializable types are allowed.

This method is inject at runtime in the webview

Param Type
eventName 'messageFromWebview'
listenerFunc (event: { id?: string; detail?: Record<string, any>; rawMessage?: string; }) => void

Returns: Promise<PluginListenerHandle>

addListener('screenshotTaken', ...)

addListener(eventName: 'screenshotTaken', listenerFunc: (event: ScreenshotResult & { id?: string; }) => void) => Promise<PluginListenerHandle>

Will be triggered whenever a screenshot is captured from the plugin API, the native screenshot button, or the injected JavaScript bridge.

Param Type
eventName 'screenshotTaken'
listenerFunc (event: ScreenshotResult & { id?: string; }) => void

Returns: Promise<PluginListenerHandle>

addListener('browserPageLoaded', ...)

addListener(eventName: 'browserPageLoaded', listenerFunc: (event: { id?: string; }) => void) => Promise<PluginListenerHandle>

Will be triggered when page is loaded

Param Type
eventName 'browserPageLoaded'
listenerFunc (event: { id?: string; }) => void

Returns: Promise<PluginListenerHandle>

addListener('pageLoadError', ...)

addListener(eventName: 'pageLoadError', listenerFunc: (event: { id?: string; }) => void) => Promise<PluginListenerHandle>

Will be triggered when page load error

Param Type
eventName 'pageLoadError'
listenerFunc (event: { id?: string; }) => void

Returns: Promise<PluginListenerHandle>

addListener('downloadCompleted', ...)

addListener(eventName: 'downloadCompleted', listenerFunc: (event: DownloadCompletedEvent) => void) => Promise<PluginListenerHandle>

Will be triggered after native download handling saves a file locally. Enable this with handleDownloads: true when opening the webview.

Param Type
eventName 'downloadCompleted'
listenerFunc (event: DownloadCompletedEvent) => void

Returns: Promise<PluginListenerHandle>

Since: 8.6.0

addListener('downloadFailed', ...)

addListener(eventName: 'downloadFailed', listenerFunc: (event: DownloadFailedEvent) => void) => Promise<PluginListenerHandle>

Will be triggered when native download handling fails. Enable this with handleDownloads: true when opening the webview.

Param Type
eventName 'downloadFailed'
listenerFunc (event: DownloadFailedEvent) => void

Returns: Promise<PluginListenerHandle>

Since: 8.6.0

addListener('popupWindowOpened', ...)

addListener(eventName: 'popupWindowOpened', listenerFunc: (event: PopupWindowEvent) => void) => Promise<PluginListenerHandle>

Will be triggered whenever a page opens a popup/new window. Use the returned popup id with executeScript, postMessage, show, hide, and close.

Param Type
eventName 'popupWindowOpened'
listenerFunc (event: PopupWindowEvent) => void

Returns: Promise<PluginListenerHandle>

Since: 8.6.0

addListener('proxyRequest', ...)

addListener(eventName: 'proxyRequest', listenerFunc: (event: ProxyRequest) => void) => Promise<PluginListenerHandle>

Listen for proxied requests delegated by the native runtime. Prefer addProxyHandler() instead of calling this directly.

Param Type
eventName 'proxyRequest'
listenerFunc (event: ProxyRequest) => void

Returns: Promise<PluginListenerHandle>

Since: 8.6.0

addListener('consoleMessage', ...)

addListener(eventName: 'consoleMessage', listenerFunc: (event: ConsoleMessageEvent) => void) => Promise<PluginListenerHandle>

Listen for JavaScript console output emitted by the managed page. Enable this with captureConsoleLogs: true when opening the webview.

Param Type
eventName 'consoleMessage'
listenerFunc (event: ConsoleMessageEvent) => void

Returns: Promise<PluginListenerHandle>

Since: 8.6.0

handleProxyRequest(...)

handleProxyRequest(options: { requestId: string; decision?: ProxyDecision | null; response?: ProxyResponse | null; webviewId?: string; phase?: 'outbound' | 'inbound'; }) => Promise<void>

Internal method used by addProxyHandler() to send a proxy decision back to native. Forward the original phase when replying to a manual proxyRequest listener.

Param Type
options { requestId: string; decision?: ProxyDecision | null; response?: ProxyResponse | null; webviewId?: string; phase?: 'outbound' | 'inbound'; }

Since: 8.6.0

removeAllListeners()

removeAllListeners() => Promise<void>

Remove all listeners for this plugin.

Since: 1.0.0

reload(...)

reload(options?: { id?: string | undefined; } | undefined) => Promise<any>

Reload the current web page.

Param Type
options { id?: string; }

Returns: Promise<any>

Since: 1.0.0

updateDimensions(...)

updateDimensions(options: DimensionOptions & { id?: string; }) => Promise<void>

Update the dimensions of the webview. Allows changing the size and position of the webview at runtime. When id is omitted, targets the active webview.

Param Type Description
options DimensionOptions & { id?: string; } Dimension options (width, height, x, y)

setEnabledSafeTopMargin(...)

setEnabledSafeTopMargin(options: { enabled: boolean; id?: string; }) => Promise<void>

Sets the enabled safe top margin of the webview at runtime. When id is omitted, targets the active webview. On Web, this method is a no-op and resolves without changing layout.

Param Type
options { enabled: boolean; id?: string; }

setEnabledSafeBottomMargin(...)

setEnabledSafeBottomMargin(options: { enabled: boolean; id?: string; }) => Promise<void>

Sets the enabled safe bottom margin of the webview at runtime. When id is omitted, targets the active webview. On Web, this method is a no-op and resolves without changing layout.

Param Type
options { enabled: boolean; id?: string; }

openSecureWindow(...)

openSecureWindow(options: OpenSecureWindowOptions) => Promise<OpenSecureWindowResponse>

Opens a secured window for OAuth2 authentication. For web, you should have the code in the redirected page to use a broadcast channel to send the redirected url to the app Something like:

&lt;html&gt;
&lt;head&gt;&lt;/head&gt;
&lt;body&gt;
&lt;script&gt;
  const searchParams = new URLSearchParams(location.search)
  if (searchParams.has("code")) {
    new BroadcastChannel("my-channel-name").postMessage(location.href);
    window.close();
  }
&lt;/script&gt;
&lt;/body&gt;
&lt;/html&gt;

For mobile, you should have a redirect uri that opens the app, something like: myapp://oauth_callback/ And make sure to register it in the app's info.plist:

&lt;key&gt;CFBundleURLTypes&lt;/key&gt;
&lt;array&gt;
   &lt;dict&gt;
      &lt;key&gt;CFBundleURLSchemes&lt;/key&gt;
      &lt;array&gt;
         &lt;string&gt;myapp&lt;/string&gt;
      &lt;/array&gt;
   &lt;/dict&gt;
&lt;/array&gt;

And in the AndroidManifest.xml file:

&lt;activity&gt;
   &lt;intent-filter&gt;
      &lt;action android:name="android.intent.action.VIEW" /&gt;
      &lt;category android:name="android.intent.category.DEFAULT" /&gt;
      &lt;category android:name="android.intent.category.BROWSABLE" /&gt;
      &lt;data android:host="oauth_callback" android:scheme="myapp" /&gt;
   &lt;/intent-filter&gt;
&lt;/activity&gt;
Param Type Description
options OpenSecureWindowOptions - the options for the openSecureWindow call

Returns: Promise<OpenSecureWindowResponse>

Interfaces

OpenOptions

Prop Type Description Default Since
url string Target URL to load. 0.1.0
isPresentAfterPageLoad boolean if true, the browser will be presented after the page is loaded, if false, the browser will be presented immediately. 0.1.0
preventDeeplink boolean if true the deeplink will not be opened, if false the deeplink will be opened when clicked on the link 0.1.0
toolbarColor string Toolbar background color in hex format (e.g., "#1A1A2E"). Applied to both light and dark color schemes. Also sets the navigation bar color to match. Android only — ignored on iOS. 8.2.0
urlBarHidingEnabled boolean Whether the URL bar should auto-hide when the user scrolls down. The bar reappears on any upward scroll. Android only — ignored on iOS. false 8.2.0
showTitle boolean Show the page's HTML <title> in the toolbar instead of the raw URL. The true URL is still visible when the user taps the title area. Android only — ignored on iOS. false 8.2.0
showArrow boolean Replace the default "X" close icon with a back arrow. Makes the Custom Tab feel like a native navigation push rather than a modal overlay. Android only — ignored on iOS. false 8.2.0
disableShare boolean Remove the share action from the overflow menu. Android only — ignored on iOS. false 8.2.0
disableBookmark boolean Hide the bookmark star icon in the overflow menu. Uses an undocumented Chromium intent extra — may stop working on future Chrome updates. Android only — ignored on iOS. false 8.2.0
disableDownload boolean Hide the download icon in the overflow menu. Uses an undocumented Chromium intent extra — may stop working on future Chrome updates. Android only — ignored on iOS. false 8.2.0

ClearCookieOptions

Prop Type Description
id string Target webview id. When omitted, applies to all open webviews.
url string

HttpCookie

Prop Type Description
url string The URL of the cookie.
key string The key of the cookie.
value string The value of the cookie.

GetCookieOptions

Prop Type
url string
includeHttpOnly boolean

CloseWebviewOptions

Prop Type Description Default
id string Target webview id to close. If omitted, closes the active webview.
isAnimated boolean Whether the webview closing is animated or not, ios only true

OpenWebViewOptions

Prop Type Description Default Since
url string Target URL to load. 0.1.0
headers Headers Headers to send with the request. 0.1.0
credentials Credentials Credentials to send with the request and all subsequent requests for the same host. 6.1.0
method string HTTP method to use for the initial request. Optional parameter - defaults to GET if not specified. Existing code that doesn't provide this parameter will continue to work unchanged with standard GET requests. When specified with 'POST', 'PUT', or 'PATCH' methods that support a body, you can also provide a body parameter with the request payload. Platform Notes: - iOS: Full support for all HTTP methods with headers - Android: Custom headers may not be sent with POST/PUT/PATCH requests due to WebView limitations "GET" 8.2.0
body string HTTP body to send with the request when using POST, PUT, or other methods that support a body. Should be a string (use JSON.stringify for JSON data). Optional parameter - only used when method is specified and supports a request body. Omitting this parameter (or using GET method) results in standard behavior without a request body. 8.2.0
materialPicker boolean materialPicker: if true, uses Material Design theme for date and time pickers on Android. This improves the appearance of HTML date inputs to use modern Material Design UI instead of the old style pickers. false 7.4.1
jsInterface JavaScript Interface: The webview automatically injects a JavaScript interface providing: - window.mobileApp.close(): Closes the webview from JavaScript - window.mobileApp.postMessage(obj): Sends a message to the app (listen via "messageFromWebview" event) - window.mobileApp.hide() / window.mobileApp.show() when allowWebViewJsVisibilityControl is true in CapacitorConfig - window.mobileApp.takeScreenshot() when allowScreenshotsFromWebPage is true 6.10.0
allowScreenshotsFromWebPage boolean Allows page JavaScript to call window.mobileApp.takeScreenshot(). Disabled by default so only the host app can trigger native screenshots through the plugin API. false 8.4.0
captureConsoleLogs boolean Emits consoleMessage events for JavaScript console.* output coming from the managed page. Useful when the webview stays hidden and you still need page-level diagnostics. false 8.6.0
handleDownloads boolean Automatically handles downloads triggered inside the webview without requiring a custom JavaScript bridge. When enabled: - Standard attachment responses are written to a temporary file. - blob: downloads are also captured when the platform supports them. - Previewable files reopen inside the in-app browser when possible. - Other files are handed off to the native preview or viewer flow. - downloadCompleted and downloadFailed events notify the host app about the saved file. false 8.6.0
shareDisclaimer DisclaimerOptions Share options for the webview. When provided, shows a disclaimer dialog before sharing content. This is useful for: - Warning users about sharing sensitive information - Getting user consent before sharing - Explaining what will be shared - Complying with privacy regulations Note: shareSubject is required when using shareDisclaimer 0.1.0
toolbarType ToolBarType Toolbar type determines the appearance and behavior of the browser's toolbar - "activity": Shows a simple toolbar with just a close button and share button - "navigation": Shows a full navigation toolbar with back/forward buttons - "blank": Shows no toolbar - "": Default toolbar with close button ToolBarType.DEFAULT 0.1.0
shareSubject string Subject text for sharing. Required when using shareDisclaimer. This text will be used as the subject line when sharing content. 0.1.0
title string Title of the browser "New Window" 0.1.0
backgroundColor BackgroundColor Background color of the browser BackgroundColor.BLACK 0.1.0
activeNativeNavigationForWebview boolean If true, enables native navigation gestures within the webview. - Android: Native back button navigates within webview history - iOS: Enables swipe left/right gestures for back/forward navigation false (Android), true (iOS - enabled by default)
disableGoBackOnNativeApplication boolean Disable the possibility to go back on native application, useful to force user to stay on the webview, Android only false
isPresentAfterPageLoad boolean Open url in a new window fullscreen isPresentAfterPageLoad: if true, the browser will be presented after the page is loaded, if false, the browser will be presented immediately. Promise timing: on Android, openWebView() resolves with the webview id when the webview is ready to be controlled (immediately for hidden/immediate presentation, after the first page load when isPresentAfterPageLoad is true). On iOS, the promise resolves with the id as soon as the native webview is created, even if presentation is deferred. false 0.1.0
isInspectable boolean Whether the website in the webview is inspectable or not, ios only false
isAnimated boolean Whether the webview opening is animated or not, ios only true
showReloadButton boolean Shows a reload button that reloads the web page false 1.0.15
closeModal boolean CloseModal: if true a confirm will be displayed when user clicks on close button, if false the browser will be closed immediately. false 1.1.0
closeModalTitle string CloseModalTitle: title of the confirm when user clicks on close button "Close" 1.1.0
closeModalDescription string CloseModalDescription: description of the confirm when user clicks on close button "Are you sure you want to close this window?" 1.1.0
closeModalOk string CloseModalOk: text of the confirm button when user clicks on close button "Close" 1.1.0
closeModalCancel string CloseModalCancel: text of the cancel button when user clicks on close button "Cancel" 1.1.0
closeModalURLPattern string closeModalURLPattern: a regex pattern to match against the current URL when the close button is pressed. When provided along with closeModal: true, the close confirmation modal is only shown if the current URL matches this pattern. If the current URL does not match, the browser closes immediately without showing the modal. Requires closeModal to be true. 7.2.0
visibleTitle boolean visibleTitle: if true the website title would be shown else shown empty true 1.2.5
toolbarColor string toolbarColor: color of the toolbar in hex format "#ffffff" 1.2.5
toolbarTextColor string toolbarTextColor: color of the buttons and title in the toolbar in hex format When set, it overrides the automatic light/dark mode detection for text color calculated based on toolbarColor brightness 6.10.0
showArrow boolean showArrow: if true an arrow would be shown instead of cross for closing the window false 1.2.5
ignoreUntrustedSSLError boolean ignoreUntrustedSSLError: if true, the webview will ignore untrusted SSL errors allowing the user to view the website. false 6.1.0
preShowScript string preShowScript: if isPresentAfterPageLoad is true and this variable is set the plugin will inject a script before showing the browser. This script will be run in an async context. The plugin will wait for the script to finish (max 10 seconds) 6.6.0
preShowScriptInjectionTime 'documentStart' | 'pageLoad' preShowScriptInjectionTime: controls when the preShowScript is injected. - "documentStart": injects before any page JavaScript runs (good for polyfills like Firebase) - "pageLoad": injects after page load (default, original behavior) "pageLoad" 7.26.0
proxyRequests string | boolean Proxy interception mode. - true: legacy blanket mode, delegates all HTTP/HTTPS requests to JavaScript. - string: Android-only regex mode kept for backward compatibility. Prefer outboundProxyRules and inboundProxyRules for native-first matching. 6.9.0
outboundProxyRules NativeProxyRule[] Native-first outbound proxy rules. 8.6.0
inboundProxyRules NativeProxyRule[] Native-first inbound proxy rules. 8.6.0
buttonNearDone { ios: { iconType: 'sf-symbol' | 'asset'; icon: string; }; android: { iconType: 'asset' | 'vector'; icon: string; width?: number; height?: number; }; } buttonNearDone allows for a creation of a custom button near the done/close button. The button is only shown when toolbarType is not "activity", "navigation", or "blank". For Android: - iconType must be "asset" - icon path should be in the public folder (e.g. "monkey.svg") - width and height are optional, defaults to 48dp - button is positioned at the end of toolbar with 8dp margin For iOS: - iconType can be "sf-symbol" or "asset" - for sf-symbol, icon should be the symbol name - for asset, icon should be the asset name 6.7.0
showScreenshotButton boolean Shows a native screenshot button near the done/close button. The button is hidden by default and captures the current viewport when tapped. This option uses the same toolbar slot as buttonNearDone and is therefore incompatible with it. The button is only shown when toolbarType is not "activity", "navigation", or "blank". false 8.4.0
textZoom number textZoom: sets the text zoom of the page in percent. Allows users to increase or decrease the text size for better readability. 100 7.6.0
enableZoom boolean enableZoom: enables pinch-to-zoom gestures in the Android WebView. When true, built-in zoom controls are enabled and the zoom buttons are hidden. Android only — ignored on iOS where zoom is enabled by default. false 8.5.0
preventDeeplink boolean preventDeeplink: if true, the deeplink will not be opened, if false the deeplink will be opened when clicked on the link. on IOS each schema need to be added to info.plist file under LSApplicationQueriesSchemes when false to make it work. false 0.1.0
openBlankTargetInWebView boolean When true, HTTP and HTTPS links opened from target="_blank" anchors stay in the current webview instead of spawning a popup or opening in the system browser. By default, blank-target HTTP(S) links stay inside the plugin as managed popups that share cookies with the opener; enabling this option keeps everything in the same tab. Custom schemes such as tel: and mailto: and authorized app links still prefer their native handlers unless preventDeeplink is enabled. false 8.5.6
authorizedAppLinks string[] List of base URLs whose hosts are treated as authorized App Links (Android) and Universal Links (iOS). - On both platforms, only HTTPS links whose host matches any entry in this list will attempt to open via the corresponding native application. - If the app is not installed or the system cannot handle the link, the URL will continue loading inside the in-app browser. - Matching is host-based (case-insensitive), ignoring the "www." prefix. - When preventDeeplink is enabled, all external handling is blocked regardless of this list. [] 7.12.0
enabledSafeBottomMargin boolean If true, the webView will not take the full height and will have a 20px margin at the bottom. This creates a safe margin area outside the browser view. false 7.13.0
enabledSafeTopMargin boolean If false, the webView will extend behind the status bar for true full-screen immersive content. When true (default), respects the safe area at the top of the screen. Works independently of toolbarType - use for full-screen video players, games, or immersive web apps. true 8.2.0
useTopInset boolean When true, applies the system status bar inset as the WebView top margin on Android. Keeps the legacy 0px margin by default for apps that handle padding themselves. false
enableGooglePaySupport boolean enableGooglePaySupport: if true, enables support for Google Pay popups and Payment Request API. This fixes OR_BIBED_15 errors by allowing popup windows and configuring Cross-Origin-Opener-Policy. Only enable this if you need Google Pay functionality as it allows popup windows. When enabled: - Allows popup windows for Google Pay authentication - Sets proper CORS headers for Payment Request API - Enables multiple window support in WebView - Configures secure context for payment processing false 7.13.0
hiddenPopupWindow boolean Opens popup windows created by the page in hidden mode. Hidden popup windows can still be controlled with executeScript, postMessage, show, and close. Listen to popupWindowOpened to capture the popup id, then call show({ id }) only if you want to reveal it. false 8.6.0
blockedHosts string[] blockedHosts: List of host patterns that should be blocked from loading in the InAppBrowser's internal navigations. Any request inside WebView to a URL with a host matching any of these patterns will be blocked. Supports wildcard patterns like: - ".example.com" to block all subdomains - "www.example." to block wildcard domain extensions [] 7.17.0
width number Width of the webview in pixels. If not set, webview will be fullscreen width. undefined (fullscreen)
height number Height of the webview in pixels. If not set, webview will be fullscreen height. undefined (fullscreen)
x number X position of the webview in pixels from the left edge. Only effective when width is set. 0
y number Y position of the webview in pixels from the top edge. Only effective when height is set. 0
disableOverscroll boolean Disables the bounce (overscroll) effect on iOS WebView. When enabled, prevents the rubber band scrolling effect when users scroll beyond content boundaries. This is useful for: - Creating a more native, app-like experience - Preventing accidental overscroll states - Avoiding issues when keyboard opens/closes Note: This option only affects iOS. Android does not have this bounce effect by default. false 8.0.2
hidden boolean Opens the webview in hidden mode (not visible to user but fully functional). When hidden, the webview loads and executes JavaScript but is not displayed. All control methods (executeScript, postMessage, setUrl, etc.) work while hidden. Use close() to clean up the hidden webview when done. false 8.0.7
invisibilityMode InvisibilityMode Controls how a hidden webview reports its visibility and size. - AWARE: webview is aware it's hidden (dimensions may be zero). - FAKE_VISIBLE: webview is hidden but reports fullscreen dimensions (uses alpha=0 to remain invisible). InvisibilityMode.AWARE

Headers

Credentials

Prop Type
username string
password string

DisclaimerOptions

Prop Type Description Default
title string Title of the disclaimer dialog "Title"
message string Message shown in the disclaimer dialog "Message"
confirmBtn string Text for the confirm button "Confirm"
cancelBtn string Text for the cancel button "Cancel"

NativeProxyRule

Native-first proxy rule used on Android and iOS.

Any regex property that is omitted is treated as a wildcard.

Prop Type
id string
urlRegex string
methodRegex string
headerRegex string
bodyRegex string
statusRegex string
responseHeaderRegex string
responseBodyRegex string
mainFrameOnly boolean
action 'continue' | 'cancel' | 'delegateToJs'

ScreenshotResult

Prop Type Description
format 'png' Image format used for the screenshot.
mimeType 'image/png' MIME type of the generated screenshot.
base64 string Base64-encoded screenshot payload without the data URL prefix.
dataUrl string Data URL for direct use in HTML img tags or uploads.
width number Screenshot width in pixels.
height number Screenshot height in pixels.

PluginListenerHandle

Prop Type
remove () => Promise<void>

UrlEvent

Prop Type Description Since
id string Webview instance id.
url string Emit when the url changes 0.0.1

BtnEvent

Prop Type Description Since
id string Webview instance id.
url string Emit when a button is clicked. 0.0.1

DownloadCompletedEvent

Event emitted after a managed download is saved locally.

Prop Type Description
id string Source webview instance id.
sourceUrl string Original URL that triggered the download when available.
fileName string Saved filename.
mimeType string Resolved MIME type when available.
path string Absolute native filesystem path to the saved file.
localUrl string file:// URL pointing at the saved file.
handledBy DownloadHandledBy How native handled the downloaded file after saving it.

DownloadFailedEvent

Event emitted when managed download handling fails.

Prop Type Description
id string Source webview instance id.
sourceUrl string Original URL that triggered the download when available.
fileName string Intended filename when known.
mimeType string Resolved MIME type when available.
error string Native error message.

PopupWindowEvent

Event emitted when a web page opens a popup/new window.

Prop Type Description
id string Popup webview instance id.
parentId string Parent webview instance id.
url string Requested popup URL when available.
visible boolean Whether the popup was presented immediately.

ProxyRequest

Represents an intercepted HTTP request from the in-app browser webview.

Request and response bodies are base64-encoded when present.

Prop Type
requestId string
phase 'outbound' | 'inbound'
url string
method string
headers Record<string, string>
body string | null
status number
responseHeaders Record<string, string>
responseBody string | null
webviewId string

ConsoleMessageEvent

Event emitted when JavaScript running inside the managed webview writes to the console.

Enable this with captureConsoleLogs: true when opening the webview.

Prop Type Description
id string Source webview instance id.
level string Console method or normalized severity.
message string Joined string representation of the console arguments.
source string Script URL or page URL when available.
line number 1-based line number when available.
column number 1-based column number when available.
kind string Optional subtype for runtime-originated errors on supported platforms.

ProxyDecision

Decision returned to native when handling a proxied request.

Prop Type
request ProxyRequestOverride | null
response ProxyResponse | null
cancel boolean

ProxyRequestOverride

Request override returned to native for an outbound proxied request.

The body must be base64-encoded when present.

Prop Type
url string
method string
headers Record<string, string>
body string | null

ProxyResponse

Response payload returned to native for a proxied request.

The body must be base64-encoded.

Prop Type
body string
status number
headers Record<string, string>

DimensionOptions

Prop Type Description
width number Width of the webview in pixels
height number Height of the webview in pixels
x number X position from the left edge in pixels
y number Y position from the top edge in pixels

OpenSecureWindowResponse

Prop Type Description
redirectedUri string The result of the openSecureWindow call

OpenSecureWindowOptions

Prop Type Description Default Since
authEndpoint string The endpoint to open
redirectUri string The redirect URI to use for the openSecureWindow call. This will be checked to make sure it matches the redirect URI after the window finishes the redirection.
broadcastChannelName string The name of the broadcast channel to listen to, relevant only for web
prefersEphemeralWebBrowserSession boolean If true, the browser session will be ephemeral (no cookies or browsing data are shared with the system browser). On iOS, this sets prefersEphemeralWebBrowserSession = true on ASWebAuthenticationSession. On Android, ephemeral mode is always enabled via FLAG_ACTIVITY_NO_HISTORY regardless of this option. false 6.6.0

Type Aliases

ClearCookieOptions

Omit<HttpCookie, 'key' | 'value'>

Omit

Construct a type with the properties of T except for those in type K.

Pick<T, Exclude<keyof T, K>>

Pick

From T, pick a set of properties whose keys are in the union K

{ [P in K]: T[P]; }

Exclude

Exclude from T those types that are assignable to U

T extends U ? never : T

Record

Construct a type with a set of properties K of type T

{ [P in K]: T; }

GetCookieOptions

Omit<HttpCookie, 'key' | 'value'>

UrlChangeListener

(state: UrlEvent): void

ButtonNearListener

(state: object): void

ConfirmBtnListener

(state: BtnEvent): void

DownloadHandledBy

Native handling mode used after a managed download finishes.

'inAppBrowser' | 'systemPreview' | 'external'

Enums

ToolBarType

Members Value Description Since
ACTIVITY 'activity' Shows a simple toolbar with just a close button and share button 0.1.0
COMPACT 'compact' Shows a simple toolbar with just a close button 7.6.8
NAVIGATION 'navigation' Shows a full navigation toolbar with back/forward buttons 0.1.0
BLANK 'blank' Shows no toolbar 0.1.0

BackgroundColor

Members Value
WHITE 'white'
BLACK 'black'

InvisibilityMode

Members Value Description
AWARE 'AWARE' WebView is aware it is hidden (dimensions may be zero).
FAKE_VISIBLE 'FAKE_VISIBLE' WebView is hidden but reports fullscreen dimensions (uses alpha=0 to remain invisible).

Credits

About

Capacitor plugin in app browser with urlChangeEvent

capgo.app/?ref=plugin_inappbrowser

Topics

browser capacitor capacitor-plugin

Resources

Readme

License

MPL-2.0 license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

120 stars

Watchers

3 watching

Forks

95 forks
Report repository

Releases 95

8.6.2 Latest
Apr 19, 2026
+ 94 releases

Sponsor this project

 
Learn more about GitHub Sponsors

Contributors

Languages