在Android WebView中浏览X-Frame-Options DENY [英] Getting around X-Frame-Options DENY in an Android WebView
问题描述
我正在尝试实施类似于这个问题。
I am attempting to implement a technique similar to the one describe in this question.
我有一个在webview中运行的android应用程序(基于Cordova构建的Ionic)。基本上我想要做的是将页面加载到iframe并在此页面上执行一些工作。许多网站使用 X-Frame-Options:DENY 标头禁止将其内容加载到iFrame中。在Chrome扩展程序中,你可以通过拦截webrequest并删除该标题来解决这个问题。
I have an android application (Ionic built on top of Cordova) that runs in a webview. Basically what I want to do is load a page into an iframe and perform some work on this page. Many website uses the X-Frame-Options: DENY header to disallow their content from being loaded in an iFrame. In a chrome extension you can get around this by intercepting the webrequest and removing that header.
我已经覆盖了 shouldInterceptRequest 此处的功能: https://developer.android.com/reference/android /webkit/WebViewClient.html
I've overridden the shouldInterceptRequest function here: https://developer.android.com/reference/android/webkit/WebViewClient.html
// Handle API until level 21
@TargetApi(Build.VERSION_CODES.LOLLIPOP)
@Override
public WebResourceResponse shouldInterceptRequest(WebView view, WebResourceRequest request) {
try {
WebResourceResponse cordovaResponse = super.shouldInterceptRequest(view, request);
if(cordovaResponse != null) {
return cordovaResponse;
}
String url = request.getUrl().toString();
HttpURLConnection urlConnection = (HttpURLConnection) new URL(url).openConnection();
urlConnection.connect();
//view.loadUrl(url, getCustomHeaders());
WebResourceResponse response = new WebResourceResponse(urlConnection.getContentType(),
urlConnection.getContentEncoding(),
urlConnection.getInputStream());
Map<String, String> headers = response.getResponseHeaders();
if(headers != null){
response.setResponseHeaders(removeXOriginHeaders(headers));
}
return response;
} catch(MalformedURLException e) {
e.printStackTrace();
return null;
}
catch (IOException e) {
e.printStackTrace();
return null;
}
}`
但是当收到所有请求的标题时上面的方法它们是null,当内容放入iframe时,它不会产生完全形成的Document。
but when the headers for all requests are received using the above method they are null and when the content is put into the iframe, it doesn't result in a fully formed Document.
chrome调试器提供以下消息:资源被解释为文档但以MIME类型text / html传输; charset = UTF-8:
The chrome debugger provides this message: Resource interpreted as Document but transferred with MIME type text/html;charset=UTF-8:
就像页面一样使用xhr获取内容然后卡在Document的单个元素内,而不是像使用iframe时那样加载(所有脚本运行到执行,后续ajax请求被触发等)。
It's like the page content is fetched using xhr and then stuck inside a single element of the Document as opposed to loading as it normally would when using an iframe (all scripts run to execution, subsequent ajax requests fired etc).
在删除了那个单一的标题之后,有没有在iframe中加载页面内容?
Is there anyway to get the page content to load in the iframe after having removed that single header?
推荐答案
我能够通过使用此处的OkHttpClient解决我的问题: http://square.github.io/ okhttp / 而不是java URLConnection
I was able to solve my problem by using the OkHttpClient found here: http://square.github.io/okhttp/ instead of the java URLConnection
// Handle API until level 21
@TargetApi(Build.VERSION_CODES.LOLLIPOP)
@Override
public WebResourceResponse shouldInterceptRequest(WebView view, WebResourceRequest request) {
try {
WebResourceResponse cordovaResponse = super.shouldInterceptRequest(view, request);
if(cordovaResponse != null) {
return cordovaResponse;
}
String url = request.getUrl().toString();
OkHttpClient httpClient = new OkHttpClient();
Request okRequest = new Request.Builder()
.url(url)
.build();
Response response = httpClient.newCall(okRequest).execute();
Response modifiedResponse = response.newBuilder()
.removeHeader("x-frame-options")
.removeHeader("frame-options")
.build();
return new WebResourceResponse("text/html",
modifiedResponse.header("content-encoding", "utf-8"),
modifiedResponse.body().byteStream()
);
} catch(MalformedURLException e) {
e.printStackTrace();
return null;
}
catch (IOException e) {
e.printStackTrace();
return null;
}
}
这篇关于在Android WebView中浏览X-Frame-Options DENY的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
