[Android][펌] 안드로이드(Android 5.0) Lollipop Webview issue

출처 : http://m.blog.daum.net/_blog/_m/articleView.do?blogid=04qAU&articleno=15310133

안드로이드(Android 5.0) Lollipop Webview issue

HTTPS > HTTP 전송시 내장 브라우저에서 block 시켜 데이터 전송이 안되는 문제였다. 

[blocked] The page at 'https://xxx' was loaded over HTTPS, but ran insecure content from http://xxx.css': this content should also be loaded over HTTPS.

라는 메세지를 콘솔창으로 마구 뱉는 문제였다...

이 문제는 롤리팝에서 변경된 문제였다.

구글링 해보았으나 실제로 안드로이드 관련정보는 찾을수 없었고

해결방안은 Anroid 5.0 Changes 를 보고 찾을 수 있었다.

[WebView]

If your app targets API level 21 or higher: The system blocks mixed content and third party cookies by default. To allow mixed content and third party cookies, use the setMixedContentMode() and setAcceptThirdPartyCookies() methods respectively. The system now intelligently chooses portions of the HTML document to draw. This new default behavior helps to reduce memory footprint and increase performance. If you want to render the whole document at once, disable this optimization by calling enableSlowWholeDocumentDraw(). If your app targets API levels lower than 21: The system allows mixed content and third party cookies, and always renders the whole document at once.

혼합된 컨텐츠와 서드파티 쿠키가 설정에 따라 Webview 에서 Block 시키는 게 기본이 됐다는 
내용이였다.

public abstract void setMixedContentMode (int mode)  Configures the WebView's behavior when a secure origin attempts to load a resource   from an insecure origin. By default, apps that target KITKAT or below default to   MIXED_CONTENT_ALWAYS_ALLOW. Apps targeting LOLLIPOP default to   MIXED_CONTENT_NEVER_ALLOW. The preferred and most secure mode of operation   for the WebView is MIXED_CONTENT_NEVER_ALLOW and use of   MIXED_CONTENT_ALWAYS_ALLOW is strongly discouraged.  MIXED_CONTENT_ALWAYS_ALLOW : 항상 허용  MIXED_CONTENT_COMPATIBILITY_MODE : 호환성 모드  MIXED_CONTENT_NEVER_ALLOW : 허용 안함

[해결 소스]

mWebView.getSettings().setMixedContentMode(WebSettings   .MIXED_CONTENT_ALWAYS_ALLOW);    CookieManager cookieManager = CookieManager.getInstance(); cookieManager.setAcceptCookie(true); cookieManager.setAcceptThirdPartyCookies(mWebView, true);

[Android 버전별 WebView 이슈들]

Migrating to WebView in Android 4.4 : https://developer.android.com/guide/webapps/migrating.html kitkat(4.4)에서 맞닥뜨린 이슈 및 해결 by marojun : https://medium.com/marojuns-android/kitkat-4-4-%EC%97%90%EC%84%9C-%EB%A7%9E%EB%8B%A5%EB%9C%A8%EB%A6%B0-%EC%9D%B4%EC%8A%88-%EB%B0%8F-%ED%95%B4%EA%B2%B0-1ecb94c24694 버전별 WebKit 버전 by Padgom : http://padgom.tistory.com/entry/Android-%EB%B2%84%EC%A0%84%EB%B3%84-Webkit-%EB%B2%84%EC%A0%84 @JavascriptInterface Caution: If you've set your targetSdkVersion to 17 or higher, you must add the @JavascriptInterface annotationto any method that you want available to your JavaScript (the method must also be public). If you do not provide the annotation, the method is not accessible by your web page when running on Android 4.2 or higher. [Remote Debugging on Android with Chrome] : https://developer.chrome.com/devtools/docs/remote-debugging [기타] 찾다 보니 Mozilla GeckoView도 있구나.. HTML5의 충실한 지원으로, Android WebView를 대체하는 View로 충분한  Mozilla GeckoView 사용하기.. by 코딩한줄에 12시간 : http://sjava.net/?p=471 WebView attack 관련 논문 선 링크 후 분석... : http://www.cis.syr.edu/~wedu/Research/paper/webview_acsac2011.pdf  webview_acsac2011.pdf