WebViewAssetLoader.InternalStoragePathHandler

public final class WebViewAssetLoader.InternalStoragePathHandler implements WebViewAssetLoader.PathHandler


Handler class to open files from application internal storage. For more information about android storage please refer to Android Developers Docs: Data and file storage overview.

To avoid leaking user or app data to the web, make sure to choose directory carefully, and assume any file under this directory could be accessed by any web page subject to same-origin rules.

A typical usage would be like:

File publicDir = new File(context.getFilesDir(), "public");
// Host "files/public/" in app's data directory under:
// http://appassets.androidplatform.net/public/...
WebViewAssetLoader assetLoader = new WebViewAssetLoader.Builder()
         .addPathHandler("/public/", new InternalStoragePathHandler(context, publicDir))
         .build();

Summary

Public constructors

InternalStoragePathHandler(
    @NonNull Context context,
    @NonNull File directory
)

Creates PathHandler for app's internal storage.

Public methods

@NonNull WebResourceResponse

Opens the requested file from the exposed data directory.

Public constructors

InternalStoragePathHandler

Added in 1.1.0
public InternalStoragePathHandler(
    @NonNull Context context,
    @NonNull File directory
)

Creates PathHandler for app's internal storage. The directory to be exposed must be inside either the application's internal data directory getDataDir or cache directory getCacheDir. External storage is not supported for security reasons, as other apps with WRITE_EXTERNAL_STORAGE may be able to modify the files.

Exposing the entire data or cache directory is not permitted, to avoid accidentally exposing sensitive application files to the web. Certain existing subdirectories of getDataDir are also not permitted as they are often sensitive. These files are ("app_webview/", "databases/", "lib/", "shared_prefs/" and "code_cache/").

The application should typically use a dedicated subdirectory for the files it intends to expose and keep them separate from other files.

Parameters
@NonNull Context context

Context that is used to access app's internal storage.

@NonNull File directory

the absolute path of the exposed app internal storage directory from which files can be loaded.

Throws
java.lang.IllegalArgumentException

if the directory is not allowed.

Public methods

handle

@WorkerThread
public @NonNull WebResourceResponse handle(@NonNull String path)

Opens the requested file from the exposed data directory.

The matched prefix path used shouldn't be a prefix of a real web path. Thus, if the requested file cannot be found or is outside the mounted directory a WebResourceResponse object with a nullInputStream will be returned instead of null. This saves the time of falling back to network and trying to resolve a path that doesn't exist. A WebResourceResponse with nullInputStream will be received as an HTTP response with status code 404 and no body.

The MIME type for the file will be determined from the file's extension using guessContentTypeFromName. Developers should ensure that files are named using standard file extensions. If the file does not have a recognised extension, "text/plain" will be used by default.

Parameters
@NonNull String path

the suffix path to be handled.

Returns
@NonNull WebResourceResponse

WebResourceResponse for the requested file.