拒绝显示框架，因为它在 android webview 中将 X-Frame-Options 设置为“DENY" [英] Refused to display a frame because it set X-Frame-Options to 'DENY in android webview

问题描述

当我尝试在 webview 中显示谷歌日历时，它显示一些错误:

When I try to show the google calendar in webview , it show some error:

[INFO:CONSOLE(0)] "Refused to display 'https://accounts.google.com/ServiceLogin?service=cl&passive=1209600&continue=https://www.google.com/calendar/embed?src%3Detlwhk@gmail.com%26ctz%3DAsia/Hong_Kong&followup=https://www.google.com/calendar/embed?src%3Detlwhk@gmail.com%26ctz%3DAsia/Hong_Kong&btmpl=mobile&ltmpl=mobilex&scc=1' in a frame because it set 'X-Frame-Options' to 'DENY'.", source: about:blank (0)

这是html代码

<p><iframe style="border: 0;" src="https://www.google.com/calendar/embed?src=etlwhk%40gmail.com&amp;ctz=Asia/Hong_Kong&amp;output=embed" width="800" height="600" frameborder="0" scrolling="no"></iframe></p>

Android 端则是一些简单的 webview 代码

And for the android side it is some simple webview code

        StringBuilder sb = new StringBuilder();
        sb.append("<HTML><HEAD><meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1.0'><style>img{display: inline; height: auto; max-width: 100%}iframe{width:100%}</style></HEAD><body>");
        sb.append(page.page_content_chi.toString());
        sb.append("</body></HTML>");
        webview.loadDataWithBaseURL("file:///android_asset/", sb.toString(), "text/html", "utf-8", null); 

如何修复错误?感谢您的帮助.

How to fix the error? Thanks for helping.

推荐答案

您需要将日历设为公开.这就是正在发生的事情——由于您尝试显示的日历未公开共享，因此 Google 日历首先想知道您是谁，以便决定向您展示什么，因此它会将您发送到 Google 登录页面.登录页面通过禁止在 iframe 中显示自己来保护自己免受点击劫持(这就是 'X-Frame-Options' 设置为 'DENY' 的意思).

You need to make your calendar public. This is what is happening -- as the calendar you are trying to display isn't shared publicly, Google Calendar first wants to know who you are in order to decide on what to show to you, so it sends you to the Google login page. The login page protects itself from click hijacking by disallowing displaying itself in an iframe (that's what 'X-Frame-Options' is set to 'DENY' means).

如果您将日历设为公开可见，日历只会显示它，而不会先尝试让您登录.关于如何共享日历，请参阅:https://support.google.com/calendar/answer/37083

If you make the calendar publicly visible, Calendar will just show it, without trying to log you in first. On how to share the calendar, see this: https://support.google.com/calendar/answer/37083

您可以通过创建一个将日历嵌入 iframe 的简单测试页面，然后在未登录 Google 服务的 Google Chrome 隐身窗口中打开它，在桌面上简单地测试这是否适用于 WebView.在您公开共享日历之前，Chrome 也将拒绝显示日历.

You can trivially test on desktop whether this will work in WebView by creating a simple test page that embeds the calendar in an iframe, and then opening it in an Incognito window of Google Chrome, where you are not logged into Google services. Chrome will also be refusing to show Calendar until you make it publicly shared.

这篇关于拒绝显示框架，因为它在 android webview 中将 X-Frame-Options 设置为“DENY"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！