1

I am attempting to implement a technique similar to the one describe in this question.

I have an android application (Ionic built on top of Cordova) that runs in a webview. Basically what I want to do is load a page into an iframe and perform some work on this page. Many website uses the X-Frame-Options: DENY header to disallow their content from being loaded in an iFrame. In a chrome extension you can get around this by intercepting the webrequest and removing that header.

I've overridden the shouldInterceptRequest function here: https://developer.android.com/reference/android/webkit/WebViewClient.html

  // Handle API until level 21
  @TargetApi(Build.VERSION_CODES.LOLLIPOP)
  @Override
  public WebResourceResponse shouldInterceptRequest(WebView view, WebResourceRequest request) {
    try {
      WebResourceResponse cordovaResponse = super.shouldInterceptRequest(view, request);
      if(cordovaResponse != null) {
        return cordovaResponse;
      }
      String url = request.getUrl().toString();
      HttpURLConnection urlConnection = (HttpURLConnection) new URL(url).openConnection();
      urlConnection.connect();
      //view.loadUrl(url, getCustomHeaders());
      WebResourceResponse response = new WebResourceResponse(urlConnection.getContentType(),
        urlConnection.getContentEncoding(),
        urlConnection.getInputStream());
      Map<String, String> headers = response.getResponseHeaders();
      if(headers != null){
        response.setResponseHeaders(removeXOriginHeaders(headers));
      }
      return response;

    } catch(MalformedURLException e) {
      e.printStackTrace();
      return null;
    }
    catch (IOException e) {
      e.printStackTrace();
      return null;
    }
  }`

but when the headers for all requests are received using the above method they are null and when the content is put into the iframe, it doesn't result in a fully formed Document.

The chrome debugger provides this message: Resource interpreted as Document but transferred with MIME type text/html;charset=UTF-8:

It's like the page content is fetched using xhr and then stuck inside a single element of the Document as opposed to loading as it normally would when using an iframe (all scripts run to execution, subsequent ajax requests fired etc).

Is there anyway to get the page content to load in the iframe after having removed that single header?

Community
  • 1
  • 1
Gabe O'Leary
  • 2,010
  • 4
  • 24
  • 41

1 Answers1

3

I was able to solve my problem by using the OkHttpClient found here: http://square.github.io/okhttp/ instead of the java URLConnection

  // Handle API until level 21
  @TargetApi(Build.VERSION_CODES.LOLLIPOP)
  @Override
      public WebResourceResponse shouldInterceptRequest(WebView view, WebResourceRequest request) {
        try {
          WebResourceResponse cordovaResponse = super.shouldInterceptRequest(view, request);
          if(cordovaResponse != null) {
            return cordovaResponse;
          }
          String url = request.getUrl().toString();
          OkHttpClient httpClient = new OkHttpClient();
          Request okRequest = new Request.Builder()
            .url(url)
            .build();
          Response response = httpClient.newCall(okRequest).execute();
          Response modifiedResponse = response.newBuilder()
            .removeHeader("x-frame-options")
            .removeHeader("frame-options")
            .build();
          return new WebResourceResponse("text/html",
            modifiedResponse.header("content-encoding", "utf-8"),
            modifiedResponse.body().byteStream()
          );

    } catch(MalformedURLException e) {
      e.printStackTrace();
      return null;
    }
    catch (IOException e) {
      e.printStackTrace();
      return null;
    }
  }
Gabe O'Leary
  • 2,010
  • 4
  • 24
  • 41