Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
605 views
in Technique[技术] by (71.8m points)

javascript - Refused to display a frame because it set X-Frame-Options to 'DENY in android webview

When I try to show the google calendar in webview , it show some error:

[INFO:CONSOLE(0)] "Refused to display 'https://accounts.google.com/ServiceLogin?service=cl&passive=1209600&continue=https://www.google.com/calendar/embed?src%3Detlwhk@gmail.com%26ctz%3DAsia/Hong_Kong&followup=https://www.google.com/calendar/embed?src%3Detlwhk@gmail.com%26ctz%3DAsia/Hong_Kong&btmpl=mobile&ltmpl=mobilex&scc=1' in a frame because it set 'X-Frame-Options' to 'DENY'.", source: about:blank (0)

And this is the html code

<p><iframe style="border: 0;" src="https://www.google.com/calendar/embed?src=etlwhk%40gmail.com&amp;ctz=Asia/Hong_Kong&amp;output=embed" width="800" height="600" frameborder="0" scrolling="no"></iframe></p>

And for the android side it is some simple webview code

        StringBuilder sb = new StringBuilder();
        sb.append("<HTML><HEAD><meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1.0'><style>img{display: inline; height: auto; max-width: 100%}iframe{width:100%}</style></HEAD><body>");
        sb.append(page.page_content_chi.toString());
        sb.append("</body></HTML>");
        webview.loadDataWithBaseURL("file:///android_asset/", sb.toString(), "text/html", "utf-8", null); 

How to fix the error? Thanks for helping.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

You need to make your calendar public. This is what is happening -- as the calendar you are trying to display isn't shared publicly, Google Calendar first wants to know who you are in order to decide on what to show to you, so it sends you to the Google login page. The login page protects itself from click hijacking by disallowing displaying itself in an iframe (that's what 'X-Frame-Options' is set to 'DENY' means).

If you make the calendar publicly visible, Calendar will just show it, without trying to log you in first. On how to share the calendar, see this: https://support.google.com/calendar/answer/37083

You can trivially test on desktop whether this will work in WebView by creating a simple test page that embeds the calendar in an iframe, and then opening it in an Incognito window of Google Chrome, where you are not logged into Google services. Chrome will also be refusing to show Calendar until you make it publicly shared.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...