@capgo/inappbrowser

April 19, 2026 · View on GitHub

➡️ Get Instant updates for your App with Capgo

{' '} Missing a feature? We’ll build the plugin for you 💪

Capacitor plugin in app browser with urlChangeEvent, two way communication, camera and microphone usage, etc.

Why InAppBrowser?

The official Capacitor Browser plugin has strict security limitations that prevent advanced features. InAppBrowser removes these restrictions, enabling:

Two-way communication between your app and the browser
JavaScript injection for dynamic content manipulation
Camera and microphone access within the browser context
URL change monitoring for navigation tracking
Custom toolbars and UI for branded experiences
Cookie and cache management for session control
Custom sizes for extra control of the display position

Perfect for OAuth flows, embedded web apps, video calls, and any scenario requiring deep integration with web content.

Documentation

The most complete doc is available here: https://capgo.app/docs/plugins/inappbrowser/

Compatibility

Plugin version	Capacitor compatibility	Maintained
v8..	v8..	✅
v7..	v7..	On demand
v6..	v6..	❌
v5..	v5..	❌

Note: The major version of this plugin follows the major version of Capacitor. Use the version that matches your Capacitor installation (e.g., plugin v8 for Capacitor 8). Only the latest major version is actively maintained.

Install

npm install @capgo/inappbrowser
npx cap sync

Usage

import { InAppBrowser } from '@capgo/inappbrowser';

InAppBrowser.open({ url: 'YOUR_URL' });

Customize Chrome Custom Tab Appearance (Android)

The open() method launches a Chrome Custom Tab on Android. You can customize its appearance to blend with your app:

import { InAppBrowser } from '@capgo/inappbrowser';

InAppBrowser.open({
  url: 'https://example.com',
  toolbarColor: '#1A1A2E', // Match your app's theme
  showTitle: true, // Show page title instead of raw URL
  showArrow: true, // Back arrow instead of X close icon
  urlBarHidingEnabled: true, // Auto-hide URL bar on scroll
  disableShare: true, // Remove share from overflow menu
  disableBookmark: true, // Hide bookmark icon (undocumented, may break)
  disableDownload: true, // Hide download icon (undocumented, may break)
});

All CCT options are Android-only and safely ignored on iOS. See OpenOptions for full documentation.

Open WebView with Custom Dimensions

By default, the webview opens in fullscreen. You can set custom dimensions to control the size and position:

import { InAppBrowser } from '@capgo/inappbrowser';

// Open with custom dimensions (400x600 at position 50,100)
const { id } = await InAppBrowser.openWebView({
  url: 'YOUR_URL',
  width: 400,
  height: 600,
  x: 50,
  y: 100,
});

// Update dimensions at runtime
InAppBrowser.updateDimensions({
  id, // Optional, if omitted targets the active webview
  width: 500,
  height: 700,
  x: 100,
  y: 150,
});

Touch Passthrough: When custom dimensions are set (not fullscreen), touches outside the webview bounds will pass through to the underlying Capacitor webview, allowing the user to interact with your app in the exposed areas. This enables picture-in-picture style experiences where the InAppBrowser floats above your content.

Open WebView with Safe Margin

To create a webView with a 20px bottom margin (safe margin area outside the browser):

import { InAppBrowser } from '@capgo/inappbrowser';

InAppBrowser.openWebView({
  url: 'YOUR_URL',
  enabledSafeBottomMargin: true,
});

Web platform is not supported. Use window.open instead.

Open WebView in Full Screen Mode

To open the webview in true full screen mode (content extends behind the status bar), set enabledSafeTopMargin to false:

import { InAppBrowser } from '@capgo/inappbrowser';

InAppBrowser.openWebView({
  url: 'YOUR_URL',
  enabledSafeTopMargin: false, // Disables safe area at top, allows full screen
});

This option works independently of the toolbar type:

iOS: The webview extends behind the status bar, providing true edge-to-edge content
Android: The top margin is disabled, allowing content to fill the entire screen

Perfect for immersive experiences like video players, games, or full-screen web applications. Can be combined with any toolbarType setting.

Proxy examples

Important

Proxy handling changed substantially in 8.6.0. If you already rely on the older proxy flow, treat this as a breaking migration and retest your handlers before shipping. Existing proxy handlers are not assumed to be drop-in compatible just because the API name stayed the same.

Native-first matching now uses outboundProxyRules and inboundProxyRules.
JavaScript proxy handlers now receive a phase (outbound or inbound).
If you respond manually with handleProxyRequest(...), pass the same phase back to native.
Late replies without the original phase can now be ignored instead of mutating the wrong request stage.
proxyRequests: true and proxyRequests: "<regex>" remain legacy compatibility modes. Do not mix legacy mode with the new rule-based flow without retesting.
Existing proxy listeners that only key on URL/method and do not preserve phase are not drop-in compatible with the new flow.

Block one request natively

Use a native rule when you just want to stop a request without round-tripping through JavaScript:

import { InAppBrowser } from '@capgo/inappbrowser';

await InAppBrowser.openWebView({
  url: 'https://example.com',
  outboundProxyRules: [
    {
      urlRegex: '^https://www\\.google-analytics\\.com/.*',
      action: 'cancel',
    },
  ],
});

Stub one script from JavaScript

Use delegateToJs when you want native matching, but still want JavaScript to replace the response:

import { InAppBrowser, addProxyHandler } from '@capgo/inappbrowser';

const proxyHandle = await addProxyHandler(async (request) => {
  if (request.phase === 'inbound' && request.url.includes('connect.facebook.net')) {
    return new Response('window.FB = { init: () => {}, login: () => {}, getLoginStatus: () => {} };', {
      status: 200,
      headers: {
        'Content-Type': 'application/javascript; charset=utf-8',
      },
    });
  }

  return null;
});

await InAppBrowser.openWebView({
  url: 'https://www.grailed.com/users/sign_up',
  inboundProxyRules: [
    {
      urlRegex: '^https://connect\\.facebook\\.net/.*',
      action: 'delegateToJs',
    },
  ],
});

// Later, when you are done:
await proxyHandle.remove();

Rewrite an outbound API request in JavaScript

When a request must be modified before it leaves the webview, return a request override:

import { InAppBrowser, addProxyHandler } from '@capgo/inappbrowser';

const proxyHandle = await addProxyHandler(async (request) => {
  if (request.phase === 'outbound' && request.url.includes('/api/private')) {
    return {
      request: {
        url: request.url,
        headers: {
          ...request.headers,
          Authorization: 'Bearer MY_TOKEN',
          'X-Proxy-Debug': 'enabled',
        },
      },
    };
  }

  return null;
});

await InAppBrowser.openWebView({
  url: 'https://example.com/dashboard',
  outboundProxyRules: [
    {
      urlRegex: '^https://example\\.com/api/private.*',
      action: 'delegateToJs',
    },
  ],
});

// Later, when you are done:
await proxyHandle.remove();

Test app and code:

https://github.com/Cap-go/demo-app/blob/main/src/views/plugins/Web.vue

Camera usage

Android

Add the following to your AndroidManifest.xml file:

    <uses-permission android:name="android.permission.CAMERA" />
		<uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS" />
		<uses-permission android:name="android.permission.RECORD_AUDIO"/>

Then the permission will be asked when the camera is used.

iOS

Add the following to your Info.plist file:

<key>NSCameraUsageDescription</key>
<string>We need access to the camera to record audio.</string>

Microphone usage

Android

Add the following to your AndroidManifest.xml file:

<uses-permission android:name="android.permission.RECORD_AUDIO" />
<uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS" />

Then the permission will be asked when the microphone is used.

iOS

Add the following to your Info.plist file:

<key>NSMicrophoneUsageDescription</key>
<string>We need access to the microphone to record audio.</string>

Location usage

Android

Add the following to your AndroidManifest.xml file:

<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />

Then the permission will be asked when location is requested by a website in the webview.

iOS

Add the following to your Info.plist file:

<key>NSLocationWhenInUseUsageDescription</key>
<string>We need access to your location to provide location-based services.</string>

Two way communication

With this plugin you can send events from the main app to the inappbrowser and vice versa.

The data is sent as a JSON object, so no functions or other non-JSON-serializable types are allowed.

Main app to inappbrowser, detail object is mendatory

const { id } = await InAppBrowser.openWebView({ url: 'YOUR_URL' });
InAppBrowser.postMessage({ id, detail: { message: 'myMessage' } });
// Or broadcast to all open webviews
InAppBrowser.postMessage({ detail: { message: 'broadcast' } });

Receive event from native in the inappbrowser

window.addEventListener('messageFromNative', (event) => {
  console.log(event);
});

Send event from inappbrowser to main app, detail object is mendatory

window.mobileApp.postMessage({ detail: { message: 'myMessage' } });

Receive event from inappbrowser in the main app

InAppBrowser.addListener('messageFromWebview', (event) => {
  console.log(event.id, event.detail);
});

Close inappbrowser from inappbrowser itself

window.mobileApp.close();

Google Pay (Android)

To enable Google Pay inside the in-app browser on Android you must do all three of the following:

1. Enable the option when opening the browser

Pass enableGooglePaySupport: true in your openWebView call:

InAppBrowser.openWebView({
  url: 'https://your-checkout-page.example.com',
  enableGooglePaySupport: true,
});

2. Add Payment Request intent queries to your `AndroidManifest.xml`

Android 11+ enforces Package Visibility. Without these entries the WebView cannot discover Google Pay and the payment sheet will never appear.

Add the following inside the <manifest> tag of your app's AndroidManifest.xml (typically android/app/src/main/AndroidManifest.xml):

<queries>
  <!-- Required for Google Pay / Payment Request API in WebView -->
  <intent>
    <action android:name="org.chromium.intent.action.PAY" />
  </intent>
  <intent>
    <action android:name="org.chromium.intent.action.IS_READY_TO_PAY" />
  </intent>
  <intent>
    <action android:name="org.chromium.intent.action.UPDATE_PAYMENT_DETAILS" />
  </intent>
</queries>

3. Require WebView 120 or later

The W3C Payment Request API (used by Google Pay) requires Android WebView 120+. Devices running an older WebView version will not be able to complete Google Pay transactions. Most modern Android devices already meet this requirement.

API

goBack(...)
open(...)
clearCookies(...)
clearAllCookies(...)
clearCache(...)
getCookies(...)
close(...)
hide(...)
show(...)
openWebView(...)
executeScript(...)
postMessage(...)
takeScreenshot(...)
setUrl(...)
addListener('urlChangeEvent', ...)
addListener('buttonNearDoneClick', ...)
addListener('closeEvent', ...)
addListener('confirmBtnClicked', ...)
addListener('messageFromWebview', ...)
addListener('screenshotTaken', ...)
addListener('browserPageLoaded', ...)
addListener('pageLoadError', ...)
addListener('downloadCompleted', ...)
addListener('downloadFailed', ...)
addListener('popupWindowOpened', ...)
addListener('proxyRequest', ...)
addListener('consoleMessage', ...)
handleProxyRequest(...)
removeAllListeners()
reload(...)
updateDimensions(...)
setEnabledSafeTopMargin(...)
setEnabledSafeBottomMargin(...)
openSecureWindow(...)
Interfaces
Type Aliases
Enums

goBack(...)

goBack(options?: { id?: string | undefined; } | undefined) => Promise<{ canGoBack: boolean; }>

Navigates back in the WebView's history if possible

Param	Type
`options`	`{ id?: string; }`

Returns: Promise<{ canGoBack: boolean; }>

Since: 7.21.0

open(...)

open(options: OpenOptions) => Promise<any>

Open url in a new window fullscreen, on android it use chrome custom tabs, on ios it use SFSafariViewController

Param	Type
`options`	`OpenOptions`

Returns: Promise<any>

Since: 0.1.0

clearCookies(...)

clearCookies(options: ClearCookieOptions) => Promise<any>

Clear cookies of url When id is omitted, applies to all open webviews.

Param	Type
`options`	`ClearCookieOptions`

Returns: Promise<any>

Since: 0.5.0

clearAllCookies(...)

clearAllCookies(options?: { id?: string | undefined; } | undefined) => Promise<any>

Clear all cookies When id is omitted, applies to all open webviews.

Param	Type
`options`	`{ id?: string; }`

Returns: Promise<any>

Since: 6.5.0

clearCache(...)

clearCache(options?: { id?: string | undefined; } | undefined) => Promise<any>

Clear cache When id is omitted, applies to all open webviews.

Param	Type
`options`	`{ id?: string; }`

Returns: Promise<any>

Since: 6.5.0

getCookies(...)

getCookies(options: GetCookieOptions) => Promise<Record<string, string>>

Get cookies for a specific URL.

Param	Type	Description
`options`	`GetCookieOptions`	The options, including the URL to get cookies for.

Returns: Promise<Record<string, string>>

close(...)

close(options?: CloseWebviewOptions | undefined) => Promise<any>

Close the webview. When id is omitted, closes the active webview.

Param	Type
`options`	`CloseWebviewOptions`

Returns: Promise<any>

hide(...)

hide(options?: { id?: string | undefined; } | undefined) => Promise<void>

Hide the webview without closing it. Use show() to bring it back. When id is omitted, targets the active webview.

Param	Type
`options`	`{ id?: string; }`

Since: 8.0.8

show(...)

show(options?: { id?: string | undefined; } | undefined) => Promise<void>

Show a previously hidden webview. When id is omitted, targets the active webview.

Param	Type
`options`	`{ id?: string; }`

Since: 8.0.8

openWebView(...)

openWebView(options: OpenWebViewOptions) => Promise<{ id: string; }>

Open url in a new webview with toolbars, and enhanced capabilities, like camera access, file access, listen events, inject javascript, bi directional communication, etc.

JavaScript Interface: When you open a webview with this method, a JavaScript interface is automatically injected that provides:

window.mobileApp.close(): Closes the webview from JavaScript
window.mobileApp.postMessage({detail: {message: "myMessage"}}): Sends a message from the webview to the app, detail object is the data you want to send to the webview
window.mobileApp.takeScreenshot() when allowScreenshotsFromWebPage is true

Promise timing differs by platform when isPresentAfterPageLoad is used. Android resolves with { id } after the dialog is ready to control, while iOS resolves with { id } immediately after creating the native webview.

Param	Type
`options`	`OpenWebViewOptions`

Returns: Promise<{ id: string; }>

Since: 0.1.0

executeScript(...)

executeScript(options: { code: string; id?: string; }) => Promise<void>

Injects JavaScript code into the InAppBrowser window. When id is omitted, executes in all open webviews.

Param	Type
`options`	`{ code: string; id?: string; }`

postMessage(...)

postMessage(options: { detail: Record<string, any>; id?: string; }) => Promise<void>

Sends an event to the webview(inappbrowser). you can listen to this event in the inappbrowser JS with window.addEventListener("messageFromNative", listenerFunc: (event: Record<string, any>) => void) detail is the data you want to send to the webview, it's a requirement of Capacitor we cannot send direct objects Your object has to be serializable to JSON, so no functions or other non-JSON-serializable types are allowed. When id is omitted, broadcasts to all open webviews.

Param	Type
`options`	`{ detail: Record<string, any>; id?: string; }`

takeScreenshot(...)

takeScreenshot(options?: { id?: string | undefined; } | undefined) => Promise<ScreenshotResult>

Captures the current webview viewport as a PNG screenshot. When id is omitted, targets the active webview.

Param	Type
`options`	`{ id?: string; }`

Returns: Promise<ScreenshotResult>

setUrl(...)

setUrl(options: { url: string; id?: string; }) => Promise<any>

Sets the URL of the webview. When id is omitted, targets the active webview.

Param	Type
`options`	`{ url: string; id?: string; }`

Returns: Promise<any>

addListener('urlChangeEvent', ...)

addListener(eventName: 'urlChangeEvent', listenerFunc: UrlChangeListener) => Promise<PluginListenerHandle>

Listen for url change, only for openWebView

Param	Type
`eventName`	`'urlChangeEvent'`
`listenerFunc`	`UrlChangeListener`

Returns: Promise<PluginListenerHandle>

Since: 0.0.1

addListener('buttonNearDoneClick', ...)

addListener(eventName: 'buttonNearDoneClick', listenerFunc: ButtonNearListener) => Promise<PluginListenerHandle>

Param	Type
`eventName`	`'buttonNearDoneClick'`
`listenerFunc`	`ButtonNearListener`

Returns: Promise<PluginListenerHandle>

addListener('closeEvent', ...)

addListener(eventName: 'closeEvent', listenerFunc: UrlChangeListener) => Promise<PluginListenerHandle>

Listen for close click only for openWebView

Param	Type
`eventName`	`'closeEvent'`
`listenerFunc`	`UrlChangeListener`

Returns: Promise<PluginListenerHandle>

Since: 0.4.0

addListener('confirmBtnClicked', ...)

addListener(eventName: 'confirmBtnClicked', listenerFunc: ConfirmBtnListener) => Promise<PluginListenerHandle>

Will be triggered when user clicks on confirm button when disclaimer is required, works with openWebView shareDisclaimer and closeModal

Param	Type
`eventName`	`'confirmBtnClicked'`
`listenerFunc`	`ConfirmBtnListener`

Returns: Promise<PluginListenerHandle>

Since: 0.0.1

addListener('messageFromWebview', ...)

addListener(eventName: 'messageFromWebview', listenerFunc: (event: { id?: string; detail?: Record<string, any>; rawMessage?: string; }) => void) => Promise<PluginListenerHandle>

Will be triggered when event is sent from webview(inappbrowser), to send an event to the main app use window.mobileApp.postMessage({ "detail": { "message": "myMessage" } }) detail is the data you want to send to the main app, it's a requirement of Capacitor we cannot send direct objects Your object has to be serializable to JSON, no functions or other non-JSON-serializable types are allowed.

This method is inject at runtime in the webview

Param	Type
`eventName`	`'messageFromWebview'`
`listenerFunc`	`(event: { id?: string; detail?: Record<string, any>; rawMessage?: string; }) => void`

Returns: Promise<PluginListenerHandle>

addListener('screenshotTaken', ...)

addListener(eventName: 'screenshotTaken', listenerFunc: (event: ScreenshotResult & { id?: string; }) => void) => Promise<PluginListenerHandle>

Will be triggered whenever a screenshot is captured from the plugin API, the native screenshot button, or the injected JavaScript bridge.

Param	Type
`eventName`	`'screenshotTaken'`
`listenerFunc`	`(event: ScreenshotResult & { id?: string; }) => void`

Returns: Promise<PluginListenerHandle>

addListener('browserPageLoaded', ...)

addListener(eventName: 'browserPageLoaded', listenerFunc: (event: { id?: string; }) => void) => Promise<PluginListenerHandle>

Will be triggered when page is loaded

Param	Type
`eventName`	`'browserPageLoaded'`
`listenerFunc`	`(event: { id?: string; }) => void`

Returns: Promise<PluginListenerHandle>

addListener('pageLoadError', ...)

addListener(eventName: 'pageLoadError', listenerFunc: (event: { id?: string; }) => void) => Promise<PluginListenerHandle>

Will be triggered when page load error

Param	Type
`eventName`	`'pageLoadError'`
`listenerFunc`	`(event: { id?: string; }) => void`

Returns: Promise<PluginListenerHandle>

addListener('downloadCompleted', ...)

addListener(eventName: 'downloadCompleted', listenerFunc: (event: DownloadCompletedEvent) => void) => Promise<PluginListenerHandle>

Will be triggered after native download handling saves a file locally. Enable this with handleDownloads: true when opening the webview.

Param	Type
`eventName`	`'downloadCompleted'`
`listenerFunc`	`(event: DownloadCompletedEvent) => void`

Returns: Promise<PluginListenerHandle>

Since: 8.6.0

addListener('downloadFailed', ...)

addListener(eventName: 'downloadFailed', listenerFunc: (event: DownloadFailedEvent) => void) => Promise<PluginListenerHandle>

Will be triggered when native download handling fails. Enable this with handleDownloads: true when opening the webview.

Param	Type
`eventName`	`'downloadFailed'`
`listenerFunc`	`(event: DownloadFailedEvent) => void`

Returns: Promise<PluginListenerHandle>

Since: 8.6.0

addListener('popupWindowOpened', ...)

addListener(eventName: 'popupWindowOpened', listenerFunc: (event: PopupWindowEvent) => void) => Promise<PluginListenerHandle>

Will be triggered whenever a page opens a popup/new window. Use the returned popup id with executeScript, postMessage, show, hide, and close.

Param	Type
`eventName`	`'popupWindowOpened'`
`listenerFunc`	`(event: PopupWindowEvent) => void`

Returns: Promise<PluginListenerHandle>

Since: 8.6.0

addListener('proxyRequest', ...)

addListener(eventName: 'proxyRequest', listenerFunc: (event: ProxyRequest) => void) => Promise<PluginListenerHandle>

Listen for proxied requests delegated by the native runtime. Prefer addProxyHandler() instead of calling this directly.

Param	Type
`eventName`	`'proxyRequest'`
`listenerFunc`	`(event: ProxyRequest) => void`

Returns: Promise<PluginListenerHandle>

Since: 8.6.0

addListener('consoleMessage', ...)

addListener(eventName: 'consoleMessage', listenerFunc: (event: ConsoleMessageEvent) => void) => Promise<PluginListenerHandle>

Listen for JavaScript console output emitted by the managed page. Enable this with captureConsoleLogs: true when opening the webview.

Param	Type
`eventName`	`'consoleMessage'`
`listenerFunc`	`(event: ConsoleMessageEvent) => void`

Returns: Promise<PluginListenerHandle>

Since: 8.6.0

handleProxyRequest(...)

handleProxyRequest(options: { requestId: string; decision?: ProxyDecision | null; response?: ProxyResponse | null; webviewId?: string; phase?: 'outbound' | 'inbound'; }) => Promise<void>

Internal method used by addProxyHandler() to send a proxy decision back to native. Forward the original phase when replying to a manual proxyRequest listener.

Param	Type
`options`	`{ requestId: string; decision?: ProxyDecision \| null; response?: ProxyResponse \| null; webviewId?: string; phase?: 'outbound' \| 'inbound'; }`

Since: 8.6.0

removeAllListeners()

removeAllListeners() => Promise<void>

Remove all listeners for this plugin.

Since: 1.0.0

reload(...)

reload(options?: { id?: string | undefined; } | undefined) => Promise<any>

Reload the current web page.

Param	Type
`options`	`{ id?: string; }`

Returns: Promise<any>

Since: 1.0.0

updateDimensions(...)

updateDimensions(options: DimensionOptions & { id?: string; }) => Promise<void>

Update the dimensions of the webview. Allows changing the size and position of the webview at runtime. When id is omitted, targets the active webview.

Param	Type	Description
`options`	`DimensionOptions & { id?: string; }`	Dimension options (width, height, x, y)

setEnabledSafeTopMargin(...)

setEnabledSafeTopMargin(options: { enabled: boolean; id?: string; }) => Promise<void>

Sets the enabled safe top margin of the webview at runtime. When id is omitted, targets the active webview. On Web, this method is a no-op and resolves without changing layout.

Param	Type
`options`	`{ enabled: boolean; id?: string; }`

setEnabledSafeBottomMargin(...)

setEnabledSafeBottomMargin(options: { enabled: boolean; id?: string; }) => Promise<void>

Sets the enabled safe bottom margin of the webview at runtime. When id is omitted, targets the active webview. On Web, this method is a no-op and resolves without changing layout.

Param	Type
`options`	`{ enabled: boolean; id?: string; }`

openSecureWindow(...)

openSecureWindow(options: OpenSecureWindowOptions) => Promise<OpenSecureWindowResponse>

Opens a secured window for OAuth2 authentication. For web, you should have the code in the redirected page to use a broadcast channel to send the redirected url to the app Something like:

&lt;html&gt;
&lt;head&gt;&lt;/head&gt;
&lt;body&gt;
&lt;script&gt;
  const searchParams = new URLSearchParams(location.search)
  if (searchParams.has("code")) {
    new BroadcastChannel("my-channel-name").postMessage(location.href);
    window.close();
  }
&lt;/script&gt;
&lt;/body&gt;
&lt;/html&gt;

For mobile, you should have a redirect uri that opens the app, something like: myapp://oauth_callback/ And make sure to register it in the app's info.plist:

&lt;key&gt;CFBundleURLTypes&lt;/key&gt;
&lt;array&gt;
   &lt;dict&gt;
      &lt;key&gt;CFBundleURLSchemes&lt;/key&gt;
      &lt;array&gt;
         &lt;string&gt;myapp&lt;/string&gt;
      &lt;/array&gt;
   &lt;/dict&gt;
&lt;/array&gt;

And in the AndroidManifest.xml file:

&lt;activity&gt;
   &lt;intent-filter&gt;
      &lt;action android:name="android.intent.action.VIEW" /&gt;
      &lt;category android:name="android.intent.category.DEFAULT" /&gt;
      &lt;category android:name="android.intent.category.BROWSABLE" /&gt;
      &lt;data android:host="oauth_callback" android:scheme="myapp" /&gt;
   &lt;/intent-filter&gt;
&lt;/activity&gt;

Param	Type	Description
`options`	`OpenSecureWindowOptions`	- the options for the openSecureWindow call

Returns: Promise<OpenSecureWindowResponse>

Interfaces

OpenOptions

Prop	Type	Description	Default	Since
`url`	`string`	Target URL to load.		0.1.0
`isPresentAfterPageLoad`	`boolean`	if true, the browser will be presented after the page is loaded, if false, the browser will be presented immediately.		0.1.0
`preventDeeplink`	`boolean`	if true the deeplink will not be opened, if false the deeplink will be opened when clicked on the link		0.1.0
`toolbarColor`	`string`	Toolbar background color in hex format (e.g., "#1A1A2E"). Applied to both light and dark color schemes. Also sets the navigation bar color to match. Android only — ignored on iOS.		8.2.0
`urlBarHidingEnabled`	`boolean`	Whether the URL bar should auto-hide when the user scrolls down. The bar reappears on any upward scroll. Android only — ignored on iOS.	`false`	8.2.0
`showTitle`	`boolean`	Show the page's HTML <title> in the toolbar instead of the raw URL. The true URL is still visible when the user taps the title area. Android only — ignored on iOS.	`false`	8.2.0
`showArrow`	`boolean`	Replace the default "X" close icon with a back arrow. Makes the Custom Tab feel like a native navigation push rather than a modal overlay. Android only — ignored on iOS.	`false`	8.2.0
`disableShare`	`boolean`	Remove the share action from the overflow menu. Android only — ignored on iOS.	`false`	8.2.0
`disableBookmark`	`boolean`	Hide the bookmark star icon in the overflow menu. Uses an undocumented Chromium intent extra — may stop working on future Chrome updates. Android only — ignored on iOS.	`false`	8.2.0
`disableDownload`	`boolean`	Hide the download icon in the overflow menu. Uses an undocumented Chromium intent extra — may stop working on future Chrome updates. Android only — ignored on iOS.	`false`	8.2.0

ClearCookieOptions

Prop	Type	Description
`id`	`string`	Target webview id. When omitted, applies to all open webviews.
`url`	`string`

HttpCookie

Prop	Type	Description
`url`	`string`	The URL of the cookie.
`key`	`string`	The key of the cookie.
`value`	`string`	The value of the cookie.

GetCookieOptions

Prop	Type
`url`	`string`
`includeHttpOnly`	`boolean`

CloseWebviewOptions

Prop	Type	Description	Default
`id`	`string`	Target webview id to close. If omitted, closes the active webview.
`isAnimated`	`boolean`	Whether the webview closing is animated or not, ios only	`true`

OpenWebViewOptions

Prop	Type	Description	Default	Since
`url`	`string`	Target URL to load.		0.1.0
`headers`	`Headers`	Headers to send with the request.		0.1.0
`credentials`	`Credentials`	Credentials to send with the request and all subsequent requests for the same host.		6.1.0
`method`	`string`	HTTP method to use for the initial request. Optional parameter - defaults to GET if not specified. Existing code that doesn't provide this parameter will continue to work unchanged with standard GET requests. When specified with 'POST', 'PUT', or 'PATCH' methods that support a body, you can also provide a `body` parameter with the request payload. Platform Notes: - iOS: Full support for all HTTP methods with headers - Android: Custom headers may not be sent with POST/PUT/PATCH requests due to WebView limitations	`"GET"`	8.2.0
`body`	`string`	HTTP body to send with the request when using POST, PUT, or other methods that support a body. Should be a string (use JSON.stringify for JSON data). Optional parameter - only used when `method` is specified and supports a request body. Omitting this parameter (or using GET method) results in standard behavior without a request body.		8.2.0
`materialPicker`	`boolean`	materialPicker: if true, uses Material Design theme for date and time pickers on Android. This improves the appearance of HTML date inputs to use modern Material Design UI instead of the old style pickers.	`false`	7.4.1
`jsInterface`		JavaScript Interface: The webview automatically injects a JavaScript interface providing: - `window.mobileApp.close()`: Closes the webview from JavaScript - `window.mobileApp.postMessage(obj)`: Sends a message to the app (listen via "messageFromWebview" event) - `window.mobileApp.hide()` / `window.mobileApp.show()` when allowWebViewJsVisibilityControl is true in CapacitorConfig - `window.mobileApp.takeScreenshot()` when `allowScreenshotsFromWebPage` is true		6.10.0
`allowScreenshotsFromWebPage`	`boolean`	Allows page JavaScript to call `window.mobileApp.takeScreenshot()`. Disabled by default so only the host app can trigger native screenshots through the plugin API.	`false`	8.4.0
`captureConsoleLogs`	`boolean`	Emits `consoleMessage` events for JavaScript `console.*` output coming from the managed page. Useful when the webview stays hidden and you still need page-level diagnostics.	`false`	8.6.0
`handleDownloads`	`boolean`	Automatically handles downloads triggered inside the webview without requiring a custom JavaScript bridge. When enabled: - Standard attachment responses are written to a temporary file. - `blob:` downloads are also captured when the platform supports them. - Previewable files reopen inside the in-app browser when possible. - Other files are handed off to the native preview or viewer flow. - `downloadCompleted` and `downloadFailed` events notify the host app about the saved file.	`false`	8.6.0
`shareDisclaimer`	`DisclaimerOptions`	Share options for the webview. When provided, shows a disclaimer dialog before sharing content. This is useful for: - Warning users about sharing sensitive information - Getting user consent before sharing - Explaining what will be shared - Complying with privacy regulations Note: shareSubject is required when using shareDisclaimer		0.1.0
`toolbarType`	`ToolBarType`	Toolbar type determines the appearance and behavior of the browser's toolbar - "activity": Shows a simple toolbar with just a close button and share button - "navigation": Shows a full navigation toolbar with back/forward buttons - "blank": Shows no toolbar - "": Default toolbar with close button	`ToolBarType.DEFAULT`	0.1.0
`shareSubject`	`string`	Subject text for sharing. Required when using shareDisclaimer. This text will be used as the subject line when sharing content.		0.1.0
`title`	`string`	Title of the browser	`"New Window"`	0.1.0
`backgroundColor`	`BackgroundColor`	Background color of the browser	`BackgroundColor.BLACK`	0.1.0
`activeNativeNavigationForWebview`	`boolean`	If true, enables native navigation gestures within the webview. - Android: Native back button navigates within webview history - iOS: Enables swipe left/right gestures for back/forward navigation	`false (Android), true (iOS - enabled by default)`
`disableGoBackOnNativeApplication`	`boolean`	Disable the possibility to go back on native application, useful to force user to stay on the webview, Android only	`false`
`isPresentAfterPageLoad`	`boolean`	Open url in a new window fullscreen isPresentAfterPageLoad: if true, the browser will be presented after the page is loaded, if false, the browser will be presented immediately. Promise timing: on Android, `openWebView()` resolves with the webview id when the webview is ready to be controlled (immediately for hidden/immediate presentation, after the first page load when `isPresentAfterPageLoad` is `true`). On iOS, the promise resolves with the id as soon as the native webview is created, even if presentation is deferred.	`false`	0.1.0
`isInspectable`	`boolean`	Whether the website in the webview is inspectable or not, ios only	`false`
`isAnimated`	`boolean`	Whether the webview opening is animated or not, ios only	`true`
`showReloadButton`	`boolean`	Shows a reload button that reloads the web page	`false`	1.0.15
`closeModal`	`boolean`	CloseModal: if true a confirm will be displayed when user clicks on close button, if false the browser will be closed immediately.	`false`	1.1.0
`closeModalTitle`	`string`	CloseModalTitle: title of the confirm when user clicks on close button	`"Close"`	1.1.0
`closeModalDescription`	`string`	CloseModalDescription: description of the confirm when user clicks on close button	`"Are you sure you want to close this window?"`	1.1.0
`closeModalOk`	`string`	CloseModalOk: text of the confirm button when user clicks on close button	`"Close"`	1.1.0
`closeModalCancel`	`string`	CloseModalCancel: text of the cancel button when user clicks on close button	`"Cancel"`	1.1.0
`closeModalURLPattern`	`string`	closeModalURLPattern: a regex pattern to match against the current URL when the close button is pressed. When provided along with closeModal: true, the close confirmation modal is only shown if the current URL matches this pattern. If the current URL does not match, the browser closes immediately without showing the modal. Requires closeModal to be true.		7.2.0
`visibleTitle`	`boolean`	visibleTitle: if true the website title would be shown else shown empty	`true`	1.2.5
`toolbarColor`	`string`	toolbarColor: color of the toolbar in hex format	`"#ffffff"`	1.2.5
`toolbarTextColor`	`string`	toolbarTextColor: color of the buttons and title in the toolbar in hex format When set, it overrides the automatic light/dark mode detection for text color	`calculated based on toolbarColor brightness`	6.10.0
`showArrow`	`boolean`	showArrow: if true an arrow would be shown instead of cross for closing the window	`false`	1.2.5
`ignoreUntrustedSSLError`	`boolean`	ignoreUntrustedSSLError: if true, the webview will ignore untrusted SSL errors allowing the user to view the website.	`false`	6.1.0
`preShowScript`	`string`	preShowScript: if isPresentAfterPageLoad is true and this variable is set the plugin will inject a script before showing the browser. This script will be run in an async context. The plugin will wait for the script to finish (max 10 seconds)		6.6.0
`preShowScriptInjectionTime`	`'documentStart' \| 'pageLoad'`	preShowScriptInjectionTime: controls when the preShowScript is injected. - "documentStart": injects before any page JavaScript runs (good for polyfills like Firebase) - "pageLoad": injects after page load (default, original behavior)	`"pageLoad"`	7.26.0
`proxyRequests`	`string \| boolean`	Proxy interception mode. - `true`: legacy blanket mode, delegates all HTTP/HTTPS requests to JavaScript. - `string`: Android-only regex mode kept for backward compatibility. Prefer `outboundProxyRules` and `inboundProxyRules` for native-first matching.		6.9.0
`outboundProxyRules`	`NativeProxyRule[]`	Native-first outbound proxy rules.		8.6.0
`inboundProxyRules`	`NativeProxyRule[]`	Native-first inbound proxy rules.		8.6.0
`buttonNearDone`	`{ ios: { iconType: 'sf-symbol' \| 'asset'; icon: string; }; android: { iconType: 'asset' \| 'vector'; icon: string; width?: number; height?: number; }; }`	buttonNearDone allows for a creation of a custom button near the done/close button. The button is only shown when toolbarType is not "activity", "navigation", or "blank". For Android: - iconType must be "asset" - icon path should be in the public folder (e.g. "monkey.svg") - width and height are optional, defaults to 48dp - button is positioned at the end of toolbar with 8dp margin For iOS: - iconType can be "sf-symbol" or "asset" - for sf-symbol, icon should be the symbol name - for asset, icon should be the asset name		6.7.0
`showScreenshotButton`	`boolean`	Shows a native screenshot button near the done/close button. The button is hidden by default and captures the current viewport when tapped. This option uses the same toolbar slot as `buttonNearDone` and is therefore incompatible with it. The button is only shown when toolbarType is not "activity", "navigation", or "blank".	`false`	8.4.0
`textZoom`	`number`	textZoom: sets the text zoom of the page in percent. Allows users to increase or decrease the text size for better readability.	`100`	7.6.0
`enableZoom`	`boolean`	enableZoom: enables pinch-to-zoom gestures in the Android WebView. When true, built-in zoom controls are enabled and the zoom buttons are hidden. Android only — ignored on iOS where zoom is enabled by default.	`false`	8.5.0
`preventDeeplink`	`boolean`	preventDeeplink: if true, the deeplink will not be opened, if false the deeplink will be opened when clicked on the link. on IOS each schema need to be added to info.plist file under LSApplicationQueriesSchemes when false to make it work.	`false`	0.1.0
`openBlankTargetInWebView`	`boolean`	When true, HTTP and HTTPS links opened from `target="_blank"` anchors stay in the current webview instead of spawning a popup or opening in the system browser. By default, blank-target HTTP(S) links stay inside the plugin as managed popups that share cookies with the opener; enabling this option keeps everything in the same tab. Custom schemes such as `tel:` and `mailto:` and authorized app links still prefer their native handlers unless `preventDeeplink` is enabled.	`false`	8.5.6
`authorizedAppLinks`	`string[]`	List of base URLs whose hosts are treated as authorized App Links (Android) and Universal Links (iOS). - On both platforms, only HTTPS links whose host matches any entry in this list will attempt to open via the corresponding native application. - If the app is not installed or the system cannot handle the link, the URL will continue loading inside the in-app browser. - Matching is host-based (case-insensitive), ignoring the "www." prefix. - When `preventDeeplink` is enabled, all external handling is blocked regardless of this list.	`[]`	7.12.0
`enabledSafeBottomMargin`	`boolean`	If true, the webView will not take the full height and will have a 20px margin at the bottom. This creates a safe margin area outside the browser view.	`false`	7.13.0
`enabledSafeTopMargin`	`boolean`	If false, the webView will extend behind the status bar for true full-screen immersive content. When true (default), respects the safe area at the top of the screen. Works independently of toolbarType - use for full-screen video players, games, or immersive web apps.	`true`	8.2.0
`useTopInset`	`boolean`	When true, applies the system status bar inset as the WebView top margin on Android. Keeps the legacy 0px margin by default for apps that handle padding themselves.	`false`
`enableGooglePaySupport`	`boolean`	enableGooglePaySupport: if true, enables support for Google Pay popups and Payment Request API. This fixes OR_BIBED_15 errors by allowing popup windows and configuring Cross-Origin-Opener-Policy. Only enable this if you need Google Pay functionality as it allows popup windows. When enabled: - Allows popup windows for Google Pay authentication - Sets proper CORS headers for Payment Request API - Enables multiple window support in WebView - Configures secure context for payment processing	`false`	7.13.0
`hiddenPopupWindow`	`boolean`	Opens popup windows created by the page in hidden mode. Hidden popup windows can still be controlled with `executeScript`, `postMessage`, `show`, and `close`. Listen to `popupWindowOpened` to capture the popup id, then call `show({ id })` only if you want to reveal it.	`false`	8.6.0
`blockedHosts`	`string[]`	blockedHosts: List of host patterns that should be blocked from loading in the InAppBrowser's internal navigations. Any request inside WebView to a URL with a host matching any of these patterns will be blocked. Supports wildcard patterns like: - ".example.com" to block all subdomains - "www.example." to block wildcard domain extensions	`[]`	7.17.0
`width`	`number`	Width of the webview in pixels. If not set, webview will be fullscreen width.	`undefined (fullscreen)`
`height`	`number`	Height of the webview in pixels. If not set, webview will be fullscreen height.	`undefined (fullscreen)`
`x`	`number`	X position of the webview in pixels from the left edge. Only effective when width is set.	`0`
`y`	`number`	Y position of the webview in pixels from the top edge. Only effective when height is set.	`0`
`disableOverscroll`	`boolean`	Disables the bounce (overscroll) effect on iOS WebView. When enabled, prevents the rubber band scrolling effect when users scroll beyond content boundaries. This is useful for: - Creating a more native, app-like experience - Preventing accidental overscroll states - Avoiding issues when keyboard opens/closes Note: This option only affects iOS. Android does not have this bounce effect by default.	`false`	8.0.2
`hidden`	`boolean`	Opens the webview in hidden mode (not visible to user but fully functional). When hidden, the webview loads and executes JavaScript but is not displayed. All control methods (executeScript, postMessage, setUrl, etc.) work while hidden. Use close() to clean up the hidden webview when done.	`false`	8.0.7
`invisibilityMode`	`InvisibilityMode`	Controls how a hidden webview reports its visibility and size. - AWARE: webview is aware it's hidden (dimensions may be zero). - FAKE_VISIBLE: webview is hidden but reports fullscreen dimensions (uses alpha=0 to remain invisible).	`InvisibilityMode.AWARE`

Headers

Credentials

Prop	Type
`username`	`string`
`password`	`string`

DisclaimerOptions

Prop	Type	Description	Default
`title`	`string`	Title of the disclaimer dialog	`"Title"`
`message`	`string`	Message shown in the disclaimer dialog	`"Message"`
`confirmBtn`	`string`	Text for the confirm button	`"Confirm"`
`cancelBtn`	`string`	Text for the cancel button	`"Cancel"`

NativeProxyRule

Native-first proxy rule used on Android and iOS.

Any regex property that is omitted is treated as a wildcard.

Prop	Type
`id`	`string`
`urlRegex`	`string`
`methodRegex`	`string`
`headerRegex`	`string`
`bodyRegex`	`string`
`statusRegex`	`string`
`responseHeaderRegex`	`string`
`responseBodyRegex`	`string`
`mainFrameOnly`	`boolean`
`action`	`'continue' \| 'cancel' \| 'delegateToJs'`

ScreenshotResult

Prop	Type	Description
`format`	`'png'`	Image format used for the screenshot.
`mimeType`	`'image/png'`	MIME type of the generated screenshot.
`base64`	`string`	Base64-encoded screenshot payload without the data URL prefix.
`dataUrl`	`string`	Data URL for direct use in HTML img tags or uploads.
`width`	`number`	Screenshot width in pixels.
`height`	`number`	Screenshot height in pixels.

PluginListenerHandle

Prop	Type
`remove`	`() => Promise<void>`

UrlEvent

Prop	Type	Description	Since
`id`	`string`	Webview instance id.
`url`	`string`	Emit when the url changes	0.0.1

BtnEvent

Prop	Type	Description	Since
`id`	`string`	Webview instance id.
`url`	`string`	Emit when a button is clicked.	0.0.1

DownloadCompletedEvent

Event emitted after a managed download is saved locally.

Prop	Type	Description
`id`	`string`	Source webview instance id.
`sourceUrl`	`string`	Original URL that triggered the download when available.
`fileName`	`string`	Saved filename.
`mimeType`	`string`	Resolved MIME type when available.
`path`	`string`	Absolute native filesystem path to the saved file.
`localUrl`	`string`	`file://` URL pointing at the saved file.
`handledBy`	`DownloadHandledBy`	How native handled the downloaded file after saving it.

DownloadFailedEvent

Event emitted when managed download handling fails.

Prop	Type	Description
`id`	`string`	Source webview instance id.
`sourceUrl`	`string`	Original URL that triggered the download when available.
`fileName`	`string`	Intended filename when known.
`mimeType`	`string`	Resolved MIME type when available.
`error`	`string`	Native error message.

PopupWindowEvent

Event emitted when a web page opens a popup/new window.

Prop	Type	Description
`id`	`string`	Popup webview instance id.
`parentId`	`string`	Parent webview instance id.
`url`	`string`	Requested popup URL when available.
`visible`	`boolean`	Whether the popup was presented immediately.

ProxyRequest

Represents an intercepted HTTP request from the in-app browser webview.

Request and response bodies are base64-encoded when present.

Prop	Type
`requestId`	`string`
`phase`	`'outbound' \| 'inbound'`
`url`	`string`
`method`	`string`
`headers`	`Record<string, string>`
`body`	`string \| null`
`status`	`number`
`responseHeaders`	`Record<string, string>`
`responseBody`	`string \| null`
`webviewId`	`string`

ConsoleMessageEvent

Event emitted when JavaScript running inside the managed webview writes to the console.

Enable this with captureConsoleLogs: true when opening the webview.

Prop	Type	Description
`id`	`string`	Source webview instance id.
`level`	`string`	Console method or normalized severity.
`message`	`string`	Joined string representation of the console arguments.
`source`	`string`	Script URL or page URL when available.
`line`	`number`	1-based line number when available.
`column`	`number`	1-based column number when available.
`kind`	`string`	Optional subtype for runtime-originated errors on supported platforms.

ProxyDecision

Decision returned to native when handling a proxied request.

Prop	Type
`request`	`ProxyRequestOverride \| null`
`response`	`ProxyResponse \| null`
`cancel`	`boolean`

ProxyRequestOverride

Request override returned to native for an outbound proxied request.

The body must be base64-encoded when present.

Prop	Type
`url`	`string`
`method`	`string`
`headers`	`Record<string, string>`
`body`	`string \| null`

ProxyResponse

Response payload returned to native for a proxied request.

The body must be base64-encoded.

Prop	Type
`body`	`string`
`status`	`number`
`headers`	`Record<string, string>`

DimensionOptions

Prop	Type	Description
`width`	`number`	Width of the webview in pixels
`height`	`number`	Height of the webview in pixels
`x`	`number`	X position from the left edge in pixels
`y`	`number`	Y position from the top edge in pixels

OpenSecureWindowResponse

Prop	Type	Description
`redirectedUri`	`string`	The result of the openSecureWindow call

OpenSecureWindowOptions

Prop	Type	Description	Default	Since
`authEndpoint`	`string`	The endpoint to open
`redirectUri`	`string`	The redirect URI to use for the openSecureWindow call. This will be checked to make sure it matches the redirect URI after the window finishes the redirection.
`broadcastChannelName`	`string`	The name of the broadcast channel to listen to, relevant only for web
`prefersEphemeralWebBrowserSession`	`boolean`	If true, the browser session will be ephemeral (no cookies or browsing data are shared with the system browser). On iOS, this sets `prefersEphemeralWebBrowserSession = true` on `ASWebAuthenticationSession`. On Android, ephemeral mode is always enabled via `FLAG_ACTIVITY_NO_HISTORY` regardless of this option.	`false`	6.6.0

Members	Value	Description	Since
`ACTIVITY`	`'activity'`	Shows a simple toolbar with just a close button and share button	0.1.0
`COMPACT`	`'compact'`	Shows a simple toolbar with just a close button	7.6.8
`NAVIGATION`	`'navigation'`	Shows a full navigation toolbar with back/forward buttons	0.1.0
`BLANK`	`'blank'`	Shows no toolbar	0.1.0

BackgroundColor

Members	Value
`WHITE`	`'white'`
`BLACK`	`'black'`

InvisibilityMode

Members	Value	Description
`AWARE`	`'AWARE'`	WebView is aware it is hidden (dimensions may be zero).
`FAKE_VISIBLE`	`'FAKE_VISIBLE'`	WebView is hidden but reports fullscreen dimensions (uses alpha=0 to remain invisible).

Credits

WKWebViewController - for iOS
CapBrowser - For the base in capacitor v2

Plugin version	Capacitor compatibility	Maintained
v8..	v8..	✅
v7..	v7..	On demand
v6..	v6..	❌
v5..	v5..	❌