WebView URL filtering #3442
WebView URL filtering #3442
Conversation
* implented on_navigation_started for android * extended the webview example
* applied black
| @Override(jboolean, [A_WebView, WebResourceRequest]) | ||
| def shouldOverrideUrlLoading(self, webview, webresourcerequest): | ||
| if self.webview_impl.interface.on_navigation_starting: | ||
| event = TogaNavigationEvent(webresourcerequest) |
There was a problem hiding this comment.
I'm a little confused about what is going on here. TogaNavigationEvent is a Python class, wrapping a request and a cancel attribute. It's never assigned to anything, or passed as an argument to anything - then it's cleared. Why is it required at all?
| @@ -86,3 +117,7 @@ def evaluate_javascript(self, javascript, on_result=None): | |||
|
|
|||
| self.native.evaluateJavascript(javascript, ReceiveString(result)) | |||
| return result | |||
|
|
|||
| def set_on_navigation_starting(self, handler): | |||
There was a problem hiding this comment.
At this point, I'm pretty sure we've removed all the "set_on_..." methods; unless there's a specific use case (and it doesn't look like there is), this can be removed.
| @@ -33,6 +33,7 @@ def __init__( | |||
| url: str | None = None, | |||
| content: str | None = None, | |||
| user_agent: str | None = None, | |||
| on_navigation_starting=None, | |||
There was a problem hiding this comment.
This needs a type declaration (if only for documentation purposes)
| @@ -53,6 +53,10 @@ build_gradle_dependencies = [ | |||
| "com.google.android.material:material:1.12.0", | |||
| ] | |||
|
|
|||
| build_gradle_extra_content=""" | |||
| chaquopy.defaultConfig.staticProxy("toga_android.widgets.webview") | |||
| """ | |||
There was a problem hiding this comment.
Hrm... Requiring users to manually inject an "extra content" block to make a feature work is a problematic requirement. I understand why it's needed - but we possibly need to solve the bigger problem of allowing toga to declare a list of "classes that need a static proxy".
There was a problem hiding this comment.
I agree. But this probably means that this PR cannot be merged any time soon, right?
There was a problem hiding this comment.
It depends how essential the change is.
If a WebView will continue to work on Android, but this feature won't work without the extra content declaration, we can probably merge it. We will need to add a set of platform notes in the docs, and we'll need to prioritise finding a better fix - but I don't think it needs to be a complete blocker.
However, if Webview (or the whole Android backend) won't work at all if this addition isn't in place, then we'll need to solve that problem first.
| allow = False | ||
| message = f"Navigation not allowed to: {url}" | ||
| dialog = toga.InfoDialog("on_navigation_starting()", message) | ||
| asyncio.create_task(self.dialog(dialog)) |
There was a problem hiding this comment.
It might be easier to make on_navigation_starting an async callback, and then await the response.
| event = TogaNavigationEvent(webresourcerequest) | ||
| allow = self.webview_impl.interface.on_navigation_starting( | ||
| webresourcerequest.getUrl().toString() | ||
| ) |
There was a problem hiding this comment.
I haven't checked, but this could be a problem if on_navigation_starting is an async callback, because the returned value will be a future.
| @@ -92,6 +106,9 @@ def startup(self): | |||
| on_webview_load=self.on_webview_load, | |||
| style=Pack(flex=1), | |||
| ) | |||
| # activate web navigation filtering on supported platforms | |||
| if getattr(self.webview._impl, "SUPPORTS_ON_NAVIGATION_STARTING", True): | |||
There was a problem hiding this comment.
Good instinct, but it's fine for the example to raise a warning if a feature isn't available.
| @@ -136,6 +135,10 @@ def winforms_initialization_completed(self, sender, args): | |||
| settings.IsSwipeNavigationEnabled = False | |||
| settings.IsZoomControlEnabled = True | |||
|
|
|||
| self.native.CoreWebView2.NavigationStarting += ( | |||
| self.winforms_navigation_starting | |||
There was a problem hiding this comment.
This almost certainly needs a WeakrefCallable wrapper.
There was a problem hiding this comment.
You mean like the winforms_FormClosing in the winforms dialogs module?
There was a problem hiding this comment.
Yes - you can see the same handling in NavigationCompleted and CoreWebView2InitializationCompleted in the WebView widget.
| def winforms_navigation_starting(self, sender, event): | ||
| # print(f"winforms_navigation_starting: {event.Uri}") | ||
| if self.interface.on_navigation_starting: | ||
| allow = self.interface.on_navigation_starting(event.Uri) |
There was a problem hiding this comment.
As with the Android version, this needs to handle a Future being returned.
|
@freakboy3742 I wonder if it is possible to make the on_navigation_starting handler async when it is being called by a native event. Aren't those native events always synchronous? |
Yes, native event handlers are always synchronous - but Toga events must be able to be defined asynchronously. That's why they return a future; we need to make sure that if a future is returned, we wait for that future. |
This PR aims to implement URL filtering for WebView on Windows and Android.
Possible use cases are:
PR Checklist: