拒绝显示框架,因为它将X-Frame-Options设置为“android webview中的DENY” [英] Refused to display a frame because it set X-Frame-Options to 'DENY in android webview
问题描述
当我尝试在webview中显示Google日历时,它显示一些错误:
$ b
[INFO:CONSOLE(0) ]拒绝显示https://accounts.google.com/ServiceLogin?service=cl&passive=1209600&continue=https://www.google.com/calendar/embed?src%3Detlwhk@gmail.com% 26ctz%3DAsia / Hong_Kong& followup = https://www.google.com/calendar/embed?src%3Detlwhk@gmail.com%26ctz%3DAsia/Hong_Kong<mpl = mobile& ltmpl = mobilex& scc = 1'in a因为它将'X-Frame-Options'设置为'DENY'。,来源:about:blank(0)
这是html代码
< p>< iframe style =border:0; src =https://www.google.com/calendar/embed?src=etlwhk%40gmail.com&ctz=Asia/Hong_Kong&output=embedwidth =800height =600frameborder =0scrolling =no>< / iframe>< / p>
而对于android方面来说,它是一些简单的webview代码
StringBuilder sb = new StringBuilder();
sb.append(< HTML>< HEAD>< meta name ='viewport'content ='width = device-width,initial-scale = 1.0,maximum-scale = 1.0'>< style> img {display:inline; height:auto; max-width:100%} iframe {width:100%}< / style>< / HEAD>< body>);
sb.append(page.page_content_chi.toString());
sb.append(< / body>< / HTML>);
webview.loadDataWithBaseURL(file:/// android_asset /,sb.toString(),text / html,utf-8,null);
如何解决错误?感谢您的帮助。
您需要公开您的日历。这就是发生的事情 - 由于您试图显示的日历不是公开分享的,因此Google日历首先需要知道您是谁以决定向您展示的内容,因此会将您发送到Google登录页面。登录页面通过不允许在iframe中显示自身来防止点击劫持(这就是'X-Frame-Options'设置为'DENY'的意思)。
如果您将日历公开显示,则日历只会显示它,而不会尝试先登录您。有关如何共享日历,请参阅: https://support.google.com/calendar/answer / 37083
通过创建将日历嵌入到iframe中的简单测试页,然后打开它位于谷歌浏览器的隐身窗口中,您没有登录Google服务。除非您公开分享,Chrome也会拒绝显示日历。
When I try to show the google calendar in webview , it show some error:
[INFO:CONSOLE(0)] "Refused to display 'https://accounts.google.com/ServiceLogin?service=cl&passive=1209600&continue=https://www.google.com/calendar/embed?src%3Detlwhk@gmail.com%26ctz%3DAsia/Hong_Kong&followup=https://www.google.com/calendar/embed?src%3Detlwhk@gmail.com%26ctz%3DAsia/Hong_Kong&btmpl=mobile<mpl=mobilex&scc=1' in a frame because it set 'X-Frame-Options' to 'DENY'.", source: about:blank (0)
And this is the html code
<p><iframe style="border: 0;" src="https://www.google.com/calendar/embed?src=etlwhk%40gmail.com&ctz=Asia/Hong_Kong&output=embed" width="800" height="600" frameborder="0" scrolling="no"></iframe></p>
And for the android side it is some simple webview code
StringBuilder sb = new StringBuilder();
sb.append("<HTML><HEAD><meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1.0'><style>img{display: inline; height: auto; max-width: 100%}iframe{width:100%}</style></HEAD><body>");
sb.append(page.page_content_chi.toString());
sb.append("</body></HTML>");
webview.loadDataWithBaseURL("file:///android_asset/", sb.toString(), "text/html", "utf-8", null);
How to fix the error? Thanks for helping.
You need to make your calendar public. This is what is happening -- as the calendar you are trying to display isn't shared publicly, Google Calendar first wants to know who you are in order to decide on what to show to you, so it sends you to the Google login page. The login page protects itself from click hijacking by disallowing displaying itself in an iframe (that's what 'X-Frame-Options' is set to 'DENY' means).
If you make the calendar publicly visible, Calendar will just show it, without trying to log you in first. On how to share the calendar, see this: https://support.google.com/calendar/answer/37083
You can trivially test on desktop whether this will work in WebView by creating a simple test page that embeds the calendar in an iframe, and then opening it in an Incognito window of Google Chrome, where you are not logged into Google services. Chrome will also be refusing to show Calendar until you make it publicly shared.
这篇关于拒绝显示框架,因为它将X-Frame-Options设置为“android webview中的DENY”的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
