linked: clear cookies and don't save form data in oauth webview

1 files changed, 5 insertions, 1 deletions

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/linked/LinkedIdCreateGithubFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/linked/LinkedIdCreateGithubFragment.java
index 0cc21f448..eeb2ad116 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/linked/LinkedIdCreateGithubFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/linked/LinkedIdCreateGithubFragment.java
@@ -423,7 +423,7 @@ public class LinkedIdCreateGithubFragment extends CryptoOperationFragment<SaveKe
         final Dialog auth_dialog = new Dialog(activity);
         auth_dialog.setContentView(R.layout.oauth_webview);
         WebView web = (WebView) auth_dialog.findViewById(R.id.web_view);
-        web.getSettings().setJavaScriptEnabled(true);
+        web.getSettings().setSaveFormData(false);
         web.setWebViewClient(new WebViewClient() {
 
             boolean authComplete = false;
@@ -445,6 +445,10 @@ public class LinkedIdCreateGithubFragment extends CryptoOperationFragment<SaveKe
 
                     Log.d(Constants.TAG, "got ok response, code is " + mOAuthCode);
 
+                    CookieManager cookieManager = CookieManager.getInstance();
+                    // noinspection deprecation (replacement is api lvl 21)
+                    cookieManager.removeAllCookie();
+
                     auth_dialog.dismiss();
                     return true;
                 }