使用ios ,通过oc 使webview加载页面相关操作,遇到了如下两个问题。解决过程略有心酸,记录如下:
带登录状态(cookie)请求webview,cookie含有httponly标记
请求url由url变为url#时,webview的异常表现
cookie httponly flag
带cookie请求webview 可参考这篇文章《 IOS 网络请求中设置cookie》
那么问题来了:NSHTTPCookie 不支持httponly标记,仅有一个只读属性HTTPOnly。而为了防止xss,我们需要对cookie进行httponly标记,如何实现?
#在viewControlle中,加载之前、之后先清除cookie,防止cookie污染
-(void) viewWillAppear:(BOOL)animated
{
[super viewWillAppear:animated];
//清除cookies
NSHTTPCookie*cookie;
NSHTTPCookieStorage*storage=[NSHTTPCookieStoragesharedHTTPCookieStorage];
for(cookie in[storage cookies])
{
[storage deleteCookie:cookie];
}
}
#pragma mark --视图即将不可见时
-(void) viewWillDisappear:(BOOL)animated
{
//清除cookies
NSHTTPCookie*cookie;
NSHTTPCookieStorage*storage=[NSHTTPCookieStoragesharedHTTPCookieStorage];
for(cookie in[storage cookies])
{
[storage deleteCookie:cookie];
}
[super viewWillDisappear:animated];
}
#在view层
-(void)loadUrl:(NSURL*)url WithCookie:cookieVal
{
NSMutableURLRequest*request=[NSMutableURLRequest requestWithURL:url];//创建NSURLRequest
if(cookieVal){
NSString*cookieString=[[NSStringalloc] initWithFormat:@"CookieName=%@;path=/;domain=.domain.cn;httponly",cookieVal];
//这里可以传递多个cookie
NSArray*cookies=[NSArray arrayWithObjects:cookieString,nil];
for(NSString*cookieincookies){
NSDictionary*cookieDict=[NSDictionary dictionaryWithObject:cookie forKey:@"Set-Cookie"];
NSArray*headerCookie =[NSHTTPCookie cookiesWithResponseHeaderFields:cookieDict forURL:url];
//保存相关cookie至进程
[[NSHTTPCookieStoragesharedHTTPCookieStorage] setCookies:headerCookie
forURL:url
mainDocumentURL:nil];
}
}
[_webView loadRequest:request];
}load url with #
系统一般会实现webview的delegate:
webView:shouldStartLoadWithRequest:navigationType: 、webViewDidFinishLoad:
但是发现比如页面有js实现了层级的变化,但是会将url增加#时,即由:http://www.xiaoxiaozi.com/index.php 变成 http://www.xiaoxiaozi.com/index.php# 时,系统只会触发对shoudStartLoadWithRequest的调用,而不会调用webViewDidFinishLoad。
当我们实现“请稍候”弹层时,一定要将弹层自动化隐藏~
其他
也许有更合适的应对上述问题的解决办法,还请评论的同学不要藏私!
webview还有挺深的水,后续补充。