Fixed
Status Update
No update yet.
Comments
pb...@google.com
ap...@google.com
Project: platform/frameworks/support
Branch: androidx-main
commit 7bb49f8829acf5d30b446109d3a245916f30b258
Author: Peter Birk Pakkenberg <pbirk@google.com>
Date: Thu Mar 24 10:53:07 2022
Add hidden X-Requested-With header control API
The API is fully functional, but hidden for now, as we are not yet ready
to release the new feature.
Bug: 226552535
Test: Added new test cases to WebSettingsCompatTest.java and
ServiceWorkerWebSEttingsCompatTest.java
Change-Id: I1874f766b6e244b9fc81f060d2f6fef0f22edd5e
M webkit/webkit/src/main/java/androidx/webkit/ServiceWorkerWebSettingsCompat.java
M webkit/integration-tests/testapp/src/main/java/com/example/androidx/webkit/MainActivity.java
A webkit/integration-tests/testapp/src/main/java/com/example/androidx/webkit/HttpServer.java
A webkit/integration-tests/testapp/src/main/res/layout/activity_requested_with_header.xml
M webkit/webkit/src/main/java/androidx/webkit/internal/ServiceWorkerWebSettingsImpl.java
M webkit/webkit/src/androidTest/java/androidx/webkit/WebViewOnUiThread.java
A webkit/integration-tests/testapp/src/main/java/com/example/androidx/webkit/RequestedWithHeaderActivity.java
M webkit/webkit/src/main/java/androidx/webkit/WebSettingsCompat.java
M webkit/webkit/src/androidTest/java/androidx/webkit/ServiceWorkerWebSettingsCompatTest.java
D webkit/integration-tests/testapp/src/main/java/com/example/androidx/webkit/Proxy.java
M webkit/integration-tests/testapp/src/main/AndroidManifest.xml
M webkit/integration-tests/testapp/src/main/java/com/example/androidx/webkit/ProxyOverrideActivity.java
M webkit/webkit/src/main/java/androidx/webkit/internal/WebViewFeatureInternal.java
M webkit/webkit/src/main/java/androidx/webkit/internal/WebSettingsAdapter.java
M webkit/integration-tests/testapp/src/main/res/values/donottranslate-strings.xml
M webkit/webkit/src/main/java/androidx/webkit/WebViewFeature.java
M webkit/webkit/src/androidTest/java/androidx/webkit/WebSettingsCompatTest.java
https://android-review.googlesource.com/2041643
Branch: androidx-main
commit 7bb49f8829acf5d30b446109d3a245916f30b258
Author: Peter Birk Pakkenberg <pbirk@google.com>
Date: Thu Mar 24 10:53:07 2022
Add hidden X-Requested-With header control API
The API is fully functional, but hidden for now, as we are not yet ready
to release the new feature.
Bug: 226552535
Test: Added new test cases to WebSettingsCompatTest.java and
ServiceWorkerWebSEttingsCompatTest.java
Change-Id: I1874f766b6e244b9fc81f060d2f6fef0f22edd5e
M webkit/webkit/src/main/java/androidx/webkit/ServiceWorkerWebSettingsCompat.java
M webkit/integration-tests/testapp/src/main/java/com/example/androidx/webkit/MainActivity.java
A webkit/integration-tests/testapp/src/main/java/com/example/androidx/webkit/HttpServer.java
A webkit/integration-tests/testapp/src/main/res/layout/activity_requested_with_header.xml
M webkit/webkit/src/main/java/androidx/webkit/internal/ServiceWorkerWebSettingsImpl.java
M webkit/webkit/src/androidTest/java/androidx/webkit/WebViewOnUiThread.java
A webkit/integration-tests/testapp/src/main/java/com/example/androidx/webkit/RequestedWithHeaderActivity.java
M webkit/webkit/src/main/java/androidx/webkit/WebSettingsCompat.java
M webkit/webkit/src/androidTest/java/androidx/webkit/ServiceWorkerWebSettingsCompatTest.java
D webkit/integration-tests/testapp/src/main/java/com/example/androidx/webkit/Proxy.java
M webkit/integration-tests/testapp/src/main/AndroidManifest.xml
M webkit/integration-tests/testapp/src/main/java/com/example/androidx/webkit/ProxyOverrideActivity.java
M webkit/webkit/src/main/java/androidx/webkit/internal/WebViewFeatureInternal.java
M webkit/webkit/src/main/java/androidx/webkit/internal/WebSettingsAdapter.java
M webkit/integration-tests/testapp/src/main/res/values/donottranslate-strings.xml
M webkit/webkit/src/main/java/androidx/webkit/WebViewFeature.java
M webkit/webkit/src/androidTest/java/androidx/webkit/WebSettingsCompatTest.java
ca...@instantbits.com
Is there any progress on this? Can't this header be used by websites to help fingerprint users?
pb...@google.com
This is still being worked on.
ap...@google.com
Project: platform/frameworks/support
Branch: androidx-main
commit 63162c480833e1fcc35154d6b77d2a879bbee4f3
Author: Peter Birk Pakkenberg <pbirk@google.com>
Date: Mon Sep 26 17:17:07 2022
Remove unreleased X-Requested-With API
The API design has changed, and this version of the API was not
released. Removing the old API to allow rolling of boundary interfaces.
Bug: 226552535
Test: webkit:webkit:connectedAndroid
Change-Id: I103e6983d82abd13f8418c1c97f1c0bbcb28f6e5
M webkit/webkit/src/main/java/androidx/webkit/ServiceWorkerWebSettingsCompat.java
M webkit/integration-tests/testapp/src/main/java/com/example/androidx/webkit/MainActivity.java
D webkit/integration-tests/testapp/src/main/res/layout/activity_requested_with_header.xml
M webkit/webkit/src/main/java/androidx/webkit/internal/ServiceWorkerWebSettingsImpl.java
D webkit/integration-tests/testapp/src/main/java/com/example/androidx/webkit/RequestedWithHeaderActivity.java
M webkit/webkit/src/androidTest/java/androidx/webkit/ServiceWorkerWebSettingsCompatTest.java
M webkit/webkit/src/main/java/androidx/webkit/WebSettingsCompat.java
M webkit/integration-tests/testapp/src/main/AndroidManifest.xml
M webkit/webkit/src/main/java/androidx/webkit/internal/WebViewFeatureInternal.java
M webkit/webkit/src/main/java/androidx/webkit/WebViewFeature.java
M webkit/integration-tests/testapp/src/main/res/values/donottranslate-strings.xml
M webkit/webkit/src/androidTest/java/androidx/webkit/WebSettingsCompatTest.java
https://android-review.googlesource.com/2232129
Branch: androidx-main
commit 63162c480833e1fcc35154d6b77d2a879bbee4f3
Author: Peter Birk Pakkenberg <pbirk@google.com>
Date: Mon Sep 26 17:17:07 2022
Remove unreleased X-Requested-With API
The API design has changed, and this version of the API was not
released. Removing the old API to allow rolling of boundary interfaces.
Bug: 226552535
Test: webkit:webkit:connectedAndroid
Change-Id: I103e6983d82abd13f8418c1c97f1c0bbcb28f6e5
M webkit/webkit/src/main/java/androidx/webkit/ServiceWorkerWebSettingsCompat.java
M webkit/integration-tests/testapp/src/main/java/com/example/androidx/webkit/MainActivity.java
D webkit/integration-tests/testapp/src/main/res/layout/activity_requested_with_header.xml
M webkit/webkit/src/main/java/androidx/webkit/internal/ServiceWorkerWebSettingsImpl.java
D webkit/integration-tests/testapp/src/main/java/com/example/androidx/webkit/RequestedWithHeaderActivity.java
M webkit/webkit/src/androidTest/java/androidx/webkit/ServiceWorkerWebSettingsCompatTest.java
M webkit/webkit/src/main/java/androidx/webkit/WebSettingsCompat.java
M webkit/integration-tests/testapp/src/main/AndroidManifest.xml
M webkit/webkit/src/main/java/androidx/webkit/internal/WebViewFeatureInternal.java
M webkit/webkit/src/main/java/androidx/webkit/WebViewFeature.java
M webkit/integration-tests/testapp/src/main/res/values/donottranslate-strings.xml
M webkit/webkit/src/androidTest/java/androidx/webkit/WebSettingsCompatTest.java
ca...@instantbits.com
Does this mean the ability to remove X-Requested-With will not be added?
ap...@google.com
Project: platform/frameworks/support
Branch: androidx-main
commit fb19f6a47c7247af33afa09ba5e3bbf4bf3fc092
Author: Peter Birk Pakkenberg <pbirk@google.com>
Date: Tue Sep 27 10:14:09 2022
Remove left-over adapter methods
These methods should have been removed as part of aosp/2232129.
Bug: 226552535
Test: webkit:webkit:connectedAndroid
Change-Id: If77ef01128e4623415cb5565c3f022e1c0c9c14c
M webkit/webkit/src/main/java/androidx/webkit/internal/WebSettingsAdapter.java
https://android-review.googlesource.com/2232007
Branch: androidx-main
commit fb19f6a47c7247af33afa09ba5e3bbf4bf3fc092
Author: Peter Birk Pakkenberg <pbirk@google.com>
Date: Tue Sep 27 10:14:09 2022
Remove left-over adapter methods
These methods should have been removed as part of aosp/2232129.
Bug: 226552535
Test: webkit:webkit:connectedAndroid
Change-Id: If77ef01128e4623415cb5565c3f022e1c0c9c14c
M webkit/webkit/src/main/java/androidx/webkit/internal/WebSettingsAdapter.java
ap...@google.com
Project: platform/frameworks/support
Branch: androidx-main
commit a5cfc6fb68850525f109ffab9dc1dedfffbf5a5d
Author: Peter Birk Pakkenberg <pbirk@google.com>
Date: Mon Oct 03 14:33:43 2022
Add X-Requested-With allow-list API
Introduce a new API to let apps preserve the legacy behavior for the
X-Requested-With request header, ensuring it's still being sent to
servers that rely on it to function properly.
Bug: 226552535
Test: webkit:webkit:connectedAndroid
Change-Id: I4c03097a4ce864f7d4a5425a643f4d747ed411e0
M webkit/webkit/src/main/java/androidx/webkit/ServiceWorkerWebSettingsCompat.java
M webkit/integration-tests/testapp/src/main/java/com/example/androidx/webkit/MainActivity.java
A webkit/integration-tests/testapp/src/main/res/layout/activity_requested_with_header.xml
M webkit/webkit/src/main/java/androidx/webkit/internal/ServiceWorkerWebSettingsImpl.java
A webkit/integration-tests/testapp/src/main/java/com/example/androidx/webkit/RequestedWithHeaderActivity.java
M webkit/webkit/src/main/java/androidx/webkit/WebSettingsCompat.java
M webkit/webkit/src/androidTest/java/androidx/webkit/ServiceWorkerWebSettingsCompatTest.java
M webkit/integration-tests/testapp/src/main/AndroidManifest.xml
M webkit/webkit/src/main/java/androidx/webkit/internal/WebViewFeatureInternal.java
M webkit/webkit/src/main/java/androidx/webkit/internal/WebSettingsAdapter.java
M webkit/integration-tests/testapp/src/main/res/values/donottranslate-strings.xml
M webkit/webkit/src/main/java/androidx/webkit/WebViewFeature.java
M webkit/webkit/src/androidTest/java/androidx/webkit/WebSettingsCompatTest.java
https://android-review.googlesource.com/2238418
Branch: androidx-main
commit a5cfc6fb68850525f109ffab9dc1dedfffbf5a5d
Author: Peter Birk Pakkenberg <pbirk@google.com>
Date: Mon Oct 03 14:33:43 2022
Add X-Requested-With allow-list API
Introduce a new API to let apps preserve the legacy behavior for the
X-Requested-With request header, ensuring it's still being sent to
servers that rely on it to function properly.
Bug: 226552535
Test: webkit:webkit:connectedAndroid
Change-Id: I4c03097a4ce864f7d4a5425a643f4d747ed411e0
M webkit/webkit/src/main/java/androidx/webkit/ServiceWorkerWebSettingsCompat.java
M webkit/integration-tests/testapp/src/main/java/com/example/androidx/webkit/MainActivity.java
A webkit/integration-tests/testapp/src/main/res/layout/activity_requested_with_header.xml
M webkit/webkit/src/main/java/androidx/webkit/internal/ServiceWorkerWebSettingsImpl.java
A webkit/integration-tests/testapp/src/main/java/com/example/androidx/webkit/RequestedWithHeaderActivity.java
M webkit/webkit/src/main/java/androidx/webkit/WebSettingsCompat.java
M webkit/webkit/src/androidTest/java/androidx/webkit/ServiceWorkerWebSettingsCompatTest.java
M webkit/integration-tests/testapp/src/main/AndroidManifest.xml
M webkit/webkit/src/main/java/androidx/webkit/internal/WebViewFeatureInternal.java
M webkit/webkit/src/main/java/androidx/webkit/internal/WebSettingsAdapter.java
M webkit/integration-tests/testapp/src/main/res/values/donottranslate-strings.xml
M webkit/webkit/src/main/java/androidx/webkit/WebViewFeature.java
M webkit/webkit/src/androidTest/java/androidx/webkit/WebSettingsCompatTest.java
na...@google.com
The following release(s) address this bug:
androidx.webkit:webkit:1.6.0-alpha02
ca...@instantbits.com
That is great news. Thank you.
ap...@google.com
Project: platform/frameworks/support
Branch: androidx-main
commit c077e2eddc13288933bb578ce0e29b9e821286dc
Author: Peter Birk Pakkenberg <pbirk@google.com>
Date: Mon Oct 24 16:30:39 2022
Unhide X-Requested-With API
Relnote: """Adding new API to ensure clients continue to receive the
X-Requested-With header. This header is being deprecated, and WebView
is planned to stop sending this in early 2023. Using the new
`WebSettingsCompat#setRequestedWithHEaderOriginAllowList` method,
developers will be able to maintain the legacy behaviour for origins
that continue to rely on this header."""
Bug: 226552535
Test: Existing tests
Change-Id: I0adfea18e5c9b60405af2d62c61786b09c37ffb9
A webkit/webkit/api/current.ignore
M webkit/webkit/api/current.txt
M webkit/webkit/api/public_plus_experimental_current.txt
A webkit/webkit/api/restricted_current.ignore
M webkit/webkit/api/restricted_current.txt
M webkit/webkit/src/main/java/androidx/webkit/ServiceWorkerWebSettingsCompat.java
M webkit/webkit/src/main/java/androidx/webkit/WebSettingsCompat.java
https://android-review.googlesource.com/2267806
Branch: androidx-main
commit c077e2eddc13288933bb578ce0e29b9e821286dc
Author: Peter Birk Pakkenberg <pbirk@google.com>
Date: Mon Oct 24 16:30:39 2022
Unhide X-Requested-With API
Relnote: """Adding new API to ensure clients continue to receive the
X-Requested-With header. This header is being deprecated, and WebView
is planned to stop sending this in early 2023. Using the new
`WebSettingsCompat#setRequestedWithHEaderOriginAllowList` method,
developers will be able to maintain the legacy behaviour for origins
that continue to rely on this header."""
Bug: 226552535
Test: Existing tests
Change-Id: I0adfea18e5c9b60405af2d62c61786b09c37ffb9
A webkit/webkit/api/current.ignore
M webkit/webkit/api/current.txt
M webkit/webkit/api/public_plus_experimental_current.txt
A webkit/webkit/api/restricted_current.ignore
M webkit/webkit/api/restricted_current.txt
M webkit/webkit/src/main/java/androidx/webkit/ServiceWorkerWebSettingsCompat.java
M webkit/webkit/src/main/java/androidx/webkit/WebSettingsCompat.java
Description
Finish the work started inhttps://crbug.com/1295213 and build the API surface for developers to control the X-Requested-With header behaviour in WebView.
The API will only be available through Jetpack, and will not be exposed as part of the platform.