Android Dev Summit, October 23-24: two days of technical content, directly from the Android team. Sign-up for livestream updates.

InternalStoragePathHandler

class InternalStoragePathHandler : WebViewAssetLoader.PathHandler
kotlin.Any
   ↳ androidx.webkit.WebViewAssetLoader.InternalStoragePathHandler

Handler class to open files from application internal storage. For more information about android storage please refer to Android Developers Docs: Data and file storage overview.

To avoid leaking user or app data to the web, make sure to choose directory carefully, and assume any file under this directory could be accessed by any web page subject to same-origin rules.

A typical usage would be like:

File publicDir = new File(context.getFilesDir(), "public");
          // Host "files/public/" in app's data directory under:
          // http://appassets.androidplatform.net/public/...
          WebViewAssetLoader assetLoader = new WebViewAssetLoader.Builder()
                   .addPathHandler("/public/", new InternalStoragePathHandler(context, publicDir))
                   .build();
      

Summary

Public constructors

<init>(@NonNull context: Context, @NonNull directory: File)

Creates PathHandler for app's internal storage.

Public methods

WebResourceResponse
handle(@NonNull path: String)

Opens the requested file from the exposed data directory.

Public constructors

<init>

InternalStoragePathHandler(@NonNull context: Context, @NonNull directory: File)

Creates PathHandler for app's internal storage. The directory to be exposed must be inside either the application's internal data directory Context#getDataDir or cache directory Context#getCacheDir. External storage is not supported for security reasons, as other apps with android.Manifest.permission#WRITE_EXTERNAL_STORAGE may be able to modify the files.

Exposing the entire data or cache directory is not permitted, to avoid accidentally exposing sensitive application files to the web. Certain existing subdirectories of Context#getDataDir are also not permitted as they are often sensitive. These files are ("app_webview/", "databases/", "lib/", "shared_prefs/" and "code_cache/").

The application should typically use a dedicated subdirectory for the files it intends to expose and keep them separate from other files.

Parameters
context Context: Context that is used to access app's internal storage.
directory Context: the absolute path of the exposed app internal storage directory from which files can be loaded.
Exceptions
IllegalArgumentException if the directory is not allowed.

Public methods

handle

@WorkerThread @NonNull fun handle(@NonNull path: String): WebResourceResponse

Opens the requested file from the exposed data directory.

The matched prefix path used shouldn't be a prefix of a real web path. Thus, if the requested file cannot be found or is outside the mounted directory a WebResourceResponse object with a null InputStream will be returned instead of null. This saves the time of falling back to network and trying to resolve a path that doesn't exist. A WebResourceResponse with null InputStream will be received as an HTTP response with status code 404 and no body.

The MIME type for the file will be determined from the file's extension using java.net.URLConnection#guessContentTypeFromName. Developers should ensure that files are named using standard file extensions. If the file does not have a recognised extension, "text/plain" will be used by default.

Parameters
path String: the suffix path to be handled.
Return
WebResourceResponse: WebResourceResponse for the requested file.