Google is committed to advancing racial equity for Black communities. See how.

WebViewAssetLoader.InternalStoragePathHandler

public static final class WebViewAssetLoader.InternalStoragePathHandler
extends Object implements WebViewAssetLoader.PathHandler

java.lang.Object
   ↳ androidx.webkit.WebViewAssetLoader.InternalStoragePathHandler

Handler class to open files from application internal storage. For more information about android storage please refer to Android Developers Docs: Data and file storage overview.

To avoid leaking user or app data to the web, make sure to choose directory carefully, and assume any file under this directory could be accessed by any web page subject to same-origin rules.

A typical usage would be like: 

 File publicDir = new File(context.getFilesDir(), "public");
 // Host "files/public/" in app's data directory under:
 // http://appassets.androidplatform.net/public/...
 WebViewAssetLoader assetLoader = new WebViewAssetLoader.Builder()
          .addPathHandler("/public/", new InternalStoragePathHandler(context, publicDir))
          .build();

Summary

Public constructors

InternalStoragePathHandler(Context context, File directory)

Creates PathHandler for app's internal storage.

Public methods

WebResourceResponse handle(String path)

Opens the requested file from the exposed data directory.

Inherited methods

Public constructors

InternalStoragePathHandler

public InternalStoragePathHandler (Context context, 
                File directory)

Creates PathHandler for app's internal storage. The directory to be exposed must be inside either the application's internal data directory Context.getDataDir() or cache directory Context.getCacheDir(). External storage is not supported for security reasons, as other apps with Manifest.permission.WRITE_EXTERNAL_STORAGE may be able to modify the files.

Exposing the entire data or cache directory is not permitted, to avoid accidentally exposing sensitive application files to the web. Certain existing subdirectories of Context.getDataDir() are also not permitted as they are often sensitive. These files are ("app_webview/", "databases/", "lib/", "shared_prefs/" and "code_cache/").

The application should typically use a dedicated subdirectory for the files it intends to expose and keep them separate from other files.

Parameters
context Context: Context that is used to access app's internal storage.
directory File: the absolute path of the exposed app internal storage directory from which files can be loaded.
Throws
IllegalArgumentException if the directory is not allowed.

Public methods

handle

public WebResourceResponse handle (String path)

Opens the requested file from the exposed data directory.

The matched prefix path used shouldn't be a prefix of a real web path. Thus, if the requested file cannot be found or is outside the mounted directory a WebResourceResponse object with a null InputStream will be returned instead of null. This saves the time of falling back to network and trying to resolve a path that doesn't exist. A WebResourceResponse with null InputStream will be received as an HTTP response with status code 404 and no body.

The MIME type for the file will be determined from the file's extension using URLConnection.guessContentTypeFromName(String). Developers should ensure that files are named using standard file extensions. If the file does not have a recognised extension, "text/plain" will be used by default.

Parameters
path String: the suffix path to be handled.
Returns
WebResourceResponse WebResourceResponse for the requested file.