I have noticed that some mobile app utilizes webview to display and process information. For instance, this mobile app asks username/password as part of its registration process, then creates a user on my website using webView behind an activity window. Then, automatically login the user on its webView and display the content of my website.
Old days, the clickjacking issue was a popular topic using iframe. Similar to clickjacking issue, is there a way to prevent from being webViewed?
Related
I have an native android educational app in which i want to add chat system. To reduce the size of the app I am using buddypress chat hosted on my wordpress website in webview.
Users have to sign in my website for chat in webview through my app. Is it violation of google policy?( There are No ads in webview)
It is not against Google Play policies but it depends on the nature for the app.
If it is targeting children I think you will have trouble. it is mentioned in Families Policy Requirements
App functionality: Your app must not merely provide a webview of a website or have a primary purpose of driving affiliate traffic to a website, regardless of ownership of the website.
To avoid any issues follow this advice:
make it clear that this (chat WebView) is a secondary feature of your app
make sure the web view does not redirect the user to any other site or give the user unrestricted access to the web (especially if your app targeting kids)
you should own the website/web app
avoid these common violations
put the WebView on its own full screen do not make it as a part of other screen
the website should have SSL certificate (https) (source)
do not make the WebView transparent or have transparency
I am working on a new events app and I would like users to be able to share events they have created with friends who many not have the app installed on their device yet. I am using the flutterdev share plugin to allow users to share event links through their social media channels, and I would like the invited users to navigate to the event directly when the link is clicked. So they can see the event details and then have the option to install the app if they so choose.
My question is : how to handle this for users who do not have the app installed on their phone?
My idea so far has been to develop a flutter web version of my mobile app and send the link as a web url, so the user will be sent to the flutter web version rather than the mobile app.
Is there an easier/smarter way to do this?
I am in trouble with the operation of Progressive Web Apps.
First, I pressed "Add to Home Screen" on the web, added the application to the home screen, and gave permission for push notification.
After that, I uninstalled Progressive Web Apps from the home screen, I expected that the notification will not arrive, but in fact it gets notified.
Can I detect uninstallation and reject push notifications?
I tried searching including the following site.
For example, but there is nothing expected of event or status.
Although it is an attachment of the home screen after uninstallation,
A Google Chrome icon is displayed in the notification bar.
home screen image
Based on your comment in response to the other answer, I figure you are building a progressive web app and want to implement this feature (turning off notifications on removal from the home screen) in your own PWA?
Currently (October 2017) there is no way for a PWA to detect if a user has removed it from their home screen. There is a way for the PWA to detect if it is uninstalled (as in the service worker is removed from the browser all together) but that is something totally different. You aren't uninstalling the PWA when you remove it from the home screen, you're just removing a shortcut. The PWA is still installed in the user's browser. They could still manually visit the site and your PWA would still be working.
Maybe this will become a feature in the future. For right now there isn't even a way to create a hack that would help.
If you navigate to the web app in question using Chrome for Android, either directly or by tapping on a notification, you can manually adjust its permissions by tapping on the "Lock" icon next to the location bar, then choosing "SITE SETTINGS", and then making changes there.
The specific steps to do this would vary if you're using a browser other than Chrome.
Currently, I am working on ASP.Net Identity related project. I implemented code to use external login providers like Google, Facebook, Microsoft, Twitter and Yahoo in our project. It's working fine.
But, our client is asking us to open external provider login page in a fancybox and on clicking login button, the page need to be navigated to our actual project based on validation of login credentials. Please suggest me any solution.
I created an iframe facebook application with a canvas page. I have defined in this application a page tab (iframe) and added the page in a facebook fan page. A new tab is correctly created in the fan page. But the content is only displayed when the user is logged in facebook (if not, it's white content). The application is displaying a simple html static page and does not require any authentication.
Furthermore, the application can be accessed correctly when the user is not logged into facebook (direct access, not from the fan page containing the application tab).
Does anyone have an idea why the users which are not logged in, don't see the content of the tab in the fan page?
This is a known issue that has been already reported to Facebook Developers.
See here : http://bugs.developers.facebook.net/show_bug.cgi?id=15166
So i am afraid you just have to wait until it get fixed..