"Content-Security-Policy", "frame-ancestors *" from android_asset
Problem description
I am writing an Android app which loads a local webpage, and that page posts to an inner iframe, which in reply will display data regarding that user.
The remote site refuses to display on my android_asset/page.html because of:
Refused to display 'https://example/foo/bar' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors *".
My code is:
mWebView.getSettings().setJavaScriptEnabled(true);
mWebView.setWebViewClient(webViewClient);
mWebView.setWebChromeClient(webChromeClient);
mWebView.getSettings().setAllowFileAccessFromFileURLs(true);
mWebView.getSettings().setAllowFileAccess(true);
mWebView.getSettings().setAllowUniversalAccessFromFileURLs(true);
// this should do the trick... but it does not
Map<String, String> extra = new HashMap<>();
extra.put("Content-Security-Policy", "frame-ancestors *" );
mWebView.loadUrl("file:///android_asset/page.html", extra);
BTW: Doing this will not help, as it's not supported:
<head>
<meta http-equiv="Content-Security-Policy" content="frame-ancestors *">
</head>
Recommended answer
The solution is simple:
I changed from loadUrl() to loadDataWithBaseURL(). Code:
// Needs: java.io.BufferedReader, java.io.IOException, java.io.InputStream,
// java.io.InputStreamReader, java.nio.charset.StandardCharsets
try {
    // Read page.html from the APK assets and load it with an https base URL
    String thePage = readRawText(getAssets().open("page.html"));
    mWebView.loadDataWithBaseURL("https://my-epic-site/", thePage, "text/html", "utf-8", "about:blank");
} catch (IOException e) {
    e.printStackTrace();
}

public static String readRawText(InputStream inputStream) throws IOException {
    if (inputStream == null) {
        return null;
    }
    // try-with-resources closes the reader and the underlying stream
    try (BufferedReader bufferedReader = new BufferedReader(
            new InputStreamReader(inputStream, StandardCharsets.UTF_8))) {
        StringBuilder fileContent = new StringBuilder();
        String currentLine = bufferedReader.readLine();
        while (currentLine != null) {
            fileContent.append(currentLine);
            fileContent.append("\n");
            currentLine = bufferedReader.readLine();
        }
        return fileContent.toString();
    }
}
This makes the page think it originated from the same domain.
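Why the error names `frame-ancestors *` although `*` looks permissive, as an added example that is not part of the original question or answer: a simplified JavaScript model of the CSP Level 3 matching rule, under which `*` only covers http(s) ancestors (or ancestors sharing the framed resource's scheme), so a file:// ancestor fails and an https base URL passes. The function names are hypothetical, the URLs are the ones quoted above, and source forms the model does not handle are treated as non-matching.

```javascript
// Simplified model of CSP Level 3 source matching for frame-ancestors.
// Handles '*', 'none', 'self' and plain origins ("https://host"); other
// source forms are treated as non-matching. Function names are hypothetical.
const HTTP_SCHEMES = new Set(["http:", "https:"]);

// Opaque origins (file:, data:) serialize as "null" and never compare equal.
function sameOrigin(a, b) {
  return a.origin !== "null" && a.origin === b.origin;
}

// Does one ancestor URL match one source expression?
// framedUrl is the framed resource whose response carried the policy.
function matchesSource(expr, ancestorUrl, framedUrl) {
  const ancestor = new URL(ancestorUrl);
  const framed = new URL(framedUrl);
  if (expr === "*") {
    // '*' covers http(s) ancestors, or ancestors that share the framed
    // resource's scheme. It does not cover file: ancestors of an https frame.
    return HTTP_SCHEMES.has(ancestor.protocol) ||
           ancestor.protocol === framed.protocol;
  }
  if (expr === "'self'") return sameOrigin(ancestor, framed);
  try {
    return sameOrigin(ancestor, new URL(expr));
  } catch {
    return false; // not a parseable origin: unsupported in this model
  }
}

// Every ancestor in the chain must match at least one source expression.
function frameAllowed(directiveValue, ancestorUrls, framedUrl) {
  const sources = directiveValue.trim().split(/\s+/);
  if (sources.length === 1 && sources[0] === "'none'") return false;
  return ancestorUrls.every((a) =>
    sources.some((s) => matchesSource(s, a, framedUrl)));
}

// Constructed inputs mirroring the page: the framed URL and the two ways
// page.html ends up as the ancestor document.
const FRAMED = "https://example/foo/bar";
const VIA_LOAD_URL = ["file:///android_asset/page.html"]; // loadUrl()
const VIA_BASE_URL = ["https://my-epic-site/"];           // loadDataWithBaseURL()

console.log("loadUrl ancestor allowed:", frameAllowed("*", VIA_LOAD_URL, FRAMED));
console.log("base-URL ancestor allowed:", frameAllowed("*", VIA_BASE_URL, FRAMED));
```

The policy is evaluated from the framed site's response against the embedding document, which is why neither a request header passed to loadUrl() nor a meta tag in page.html changes the outcome.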