Home > Net >  cordova android 10 WebViewAssetLoader prevents iframe from sourcing from app data directory
cordova android 10 WebViewAssetLoader prevents iframe from sourcing from app data directory

Time:02-10

The file: protocol has been deemed insecure, so the latest Cordova release of Android uses WebViewAssetLoader, which serves the app bundle's www folder as https://localhost/ as a way to replace the need for file:

This means that the <content src="index.html" /> in config.xml loads in as https://localhost/index.html

In my app, index.html contains an iframe that loads in different html files at runtime, determined by a script. Something like this:

var iframe = document.getElementById("main");
iframe.src = "{location}";

This works fine when loading html files that are bundled, https://localhost/ver/content.html. However, the app does download new content which has to be saved to internal storage, cordova.file.dataDirectory.

The internal storage exists outside of the https://localhost/ and so when attempting to source the new content's html file into the iframe, I can really only use the cdvfile: protocol (using resolveLocalFileSystemURL and fileEntry.toInternalURL()).

Doing so produces errors, like this:

Mixed Content: The page at 'https://localhost/index.html' was loaded over HTTPS, but requested an insecure resource 'cdvfile://localhost/files/newver/content.html'. This request has been blocked; the content must be served over HTTPS.", source: https://localhost/index.html

So basically I need to somehow serve cordova.file.dataDirectory via https: or figure out a way around it... so far unsuccessful.

I've tried running httpd-server plugin, but it was only http: not https:. I've also tried <preference name="AndroidInsecureFileModeEnabled" value="true" /> and <application android:usesCleartextTraffic="true" /> with no difference.

It would be great if the app does not have to give up on loading via iframe. Even so, the new content includes script files that are hot-loaded like this:

var script = document.createElement("script");
script.src = "{location}";

So this would have the same problem.

iOS has a handy function, WkWebView.convertFilePath() which works around the issue. Android does not seem to have a similar option.

Thanks for your help.

CodePudding user response:

Page link:https//www.codepudding.com/net/294016.html

Prev:Can a paired/bonded bluetooth device wake an Oreo or higher Android device
Next:Flutter Application with Keycloack
  •  Tags:  
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding