2

I have web app running on a local web server that I am trying to interact with via a webview. I have link that will return a PDF where content-disposition is attachment (it is a requirement that the file be downloaded and opened by the system default pdf reader).

I have looked through what I can find on dealing with permission requests in Chrome apps. At this point I can't even get an acknowledgement that the app is even receiving a permission request. Am I doing something wrong? Probably. What is it?

Here is the link from my web app.

<a href="/mypage/publication_file/8827">Download</a>

Here is my manifest.

{
  "app": {
    "background": {
      "scripts": [ "main.js" ]
     }
   },
  "icons": {
   "128": "icon_128.png",
   "16": "icon_16.png"
  },
  "manifest_version": 2,
  "minimum_chrome_version": "30",
  "name": "PED",
  "permissions": [ "webview" ],
  "version": "0.0.0"
}

Here is my JS.

chrome.app.runtime.onLaunched.addListener(function() {
  runApp();
});

function runApp() {
  chrome.app.window.create('browser.html', {
    bounds: {
     'width': 1280,
     'height': 768
    }
  });
}

var webview = document.getElementById("webview");
webview.addEventListener('permissionrequest', function(e) {
  console.log("permission requested")
});

When I click on my link I don't get my message on the console.

Xan
  • 74,770
  • 16
  • 179
  • 206
Huliax
  • 1,489
  • 3
  • 15
  • 27
  • 1
    I'm assuming the last 4 lines of code in your JS listing are in the browser.html window context, and not in main.js? – kqnr Dec 14 '13 at 00:19
  • No, that is all in main.js. It didn't occur to me that the browser context wouldn't have access to main.js. I'll try moving things about. Thanks for the hint :-) – Huliax Dec 14 '13 at 11:07
  • Did you ever manage to solve this? – Zenexer Jul 03 '15 at 10:07

1 Answers1

3
var webview = null;

function isSafeUrl(url) {
  // You may want to perform a more rigorous check.
  // There's a technique that creates an <a> to parse the URI, but that seems
  // like a security risk.
  return !!url.match(/^(?:ftp|https?):\/\//i);
}

function onPermissionRequest(event) {
  switch (event.permission) {
    case 'download':
      if (isSafeUrl(event.request.url)) {
        event.request.allow();
      } else {
        event.request.deny();
      }
      break;

    // You can add code for other permissions here.
  }
}

function onDomReady() {
  webview = document.getElementById('webview');
  webview.addEventListener('permissionrequest', onPermissionRequest);
}

document.addEventListener('DOMContentLoaded', onDomReady);
Zenexer
  • 18,788
  • 9
  • 71
  • 77