10 Replies Latest reply on Jun 11, 2017 1:47 PM by christianh77553045

    Open PDF, content security policy

    christianh77553045

      Hello,

      I'm working on an app which is developed with the Vaadin framework (Java) and runs with PhoneGap (6.5) under Android and iOS. That works well but I have a problem with PDF documents. The app receives the PDF from a database and displays it to the user. That works well when I run the app on a desktop computer and on iOS. The problem is when I try to open the PDF on an Android device.

      I think the problem is caused by the content security policy (csp).

       

      When I debug the app on an android device I can see in the network section that the transfer of the PDF file was canceled.

       

      [Screenshot: debug.jpg]

       

      my index.html file includes:

       

      <meta http-equiv="Content-Security-Policy" content="default-src 'self' data:* gap: 'unsafe-inline' 'unsafe-eval' http://myvero.goip.de/myVero2/APP/connector/* *; style-src 'self' 'unsafe-inline' *; media-src * plugin-types application/pdf text/cache" />
      

       

      and the config.xml includes:

       

      <access origin="*" />
      <allow-intent href="http://*/*" />
      <allow-intent href="https://*/*" />
      <allow-intent href="tel:*" />
      <allow-intent href="sms:*" />
      <allow-intent href="mailto:*" />
      <allow-intent href="geo:*" />
      <allow-navigation href="*" />
      <allow-navigation href="http://*/*" />
      <allow-navigation href="https://*/*" />
      <allow-navigation href="data:*" />
      

       

      I tried to generate different Content-Security-Policy headers on the "CSP Is Awesome" website (http://cspisawesome.com/) but I didn't find any working solution.

       

      Maybe someone can help me.

       

      Thanks a lot!

       

      Christian
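
An added example, not part of the original post or of PhoneGap or Vaadin: a small linter that splits the posted policy the way CSP does (directives on `;`, tokens on whitespace) and reports tokens that do not mean what their spelling suggests. The function names and the four checks are choices made for this example, and the findings describe the policy text only, not the cause of the Android behaviour discussed in the thread.

```javascript
// Policy string copied from the <meta> tag in the post above.
const POSTED_POLICY =
  "default-src 'self' data:* gap: 'unsafe-inline' 'unsafe-eval' " +
  "http://myvero.goip.de/myVero2/APP/connector/* *; " +
  "style-src 'self' 'unsafe-inline' *; " +
  "media-src * plugin-types application/pdf text/cache";

// Directives whose values are not source lists (subset, enough for this example).
const NON_SOURCE_DIRECTIVES = new Set(["plugin-types", "sandbox", "report-uri"]);

// Split a policy as CSP does: directives on ';', then whitespace-separated tokens.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Report source-list tokens that are valid text but probably not what was intended.
function lintPolicy(policy) {
  const findings = [];
  for (const [name, values] of parsePolicy(policy)) {
    if (NON_SOURCE_DIRECTIVES.has(name)) continue; // not a source list
    for (const v of values) {
      if (/^[a-z][a-z0-9+.-]*:\*$/i.test(v)) {
        findings.push(`${name}: "${v}" is not a scheme source; the scheme form is "${v.slice(0, -1)}"`);
      } else if (/^[a-z][a-z0-9+.-]*:\/\/[^/]+\/.*\*/i.test(v)) {
        findings.push(`${name}: "${v}" has "*" in the path, where it is a literal character, not a wildcard`);
      } else if (NON_SOURCE_DIRECTIVES.has(v.toLowerCase())) {
        findings.push(`${name}: "${v}" is a directive name inside a source list; a ";" is missing before it`);
      } else if (/^[a-z]+\/[a-z0-9.+-]+$/i.test(v)) {
        findings.push(`${name}: "${v}" is a MIME type treated as a source expression, not as a plugin-types value`);
      }
    }
  }
  return findings;
}

console.log(lintPolicy(POSTED_POLICY).join("\n"));
```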

        • 1. Re: Open PDF, content security policy
          jcesarmobile_ Level 3

          The problem is Android WebView is not able to render PDF files. You will have to use a file opener plugin to launch an intent to apps capable of opening PDF files.

          • 2. Re: Open PDF, content security policy
            christianh77553045 Level 1

            Thanks for your reply jcesarmobile.

             

            The problem is not that Android is not able to open PDF files. I am not able to store files on the device. I tried to store different file types and I wasn't able to store them on the Android device.

            The files are generated in the Vaadin app which runs as JavaScript on the mobile device.

             

            On iOS everything works fine.

             

            Any ideas?

             

            Best regards Christian

            • 3. Re: Open PDF, content security policy
              jcesarmobile_ Level 3

              How are you trying to store them?

              • 4. Re: Open PDF, content security policy
                christianh77553045 Level 1

                As I wrote, I use the Vaadin Framework.

                 

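                // Imports this snippet relies on (assuming the Vaadin 7/8 package layout)
                import java.io.ByteArrayInputStream;
                import java.io.InputStream;
                import com.vaadin.server.FileDownloader;
                import com.vaadin.server.StreamResource;
                import com.vaadin.server.StreamResource.StreamSource;
                import com.vaadin.ui.Button;

                // Load the customer record of the logged-in user
                Kunde kunde = new KundeDAO().find(Authentication.getUser().name());

                // Supply the stored PDF bytes as a stream; null if no document is stored
                StreamSource streamSource = new StreamSource() {
                    @Override
                    public InputStream getStream() {
                        byte[] bas = kunde.getMaklermandat();
                        if (bas != null) {
                            return new ByteArrayInputStream(bas);
                        } else {
                            return null;
                        }
                    }
                };

                // Wrap the stream as a downloadable resource named Maklermandat.pdf
                StreamResource resource = new StreamResource(streamSource, "Maklermandat.pdf");
                // resource.setMIMEType("jpg");

                // Attach the download to a button
                Button download = new Button("Download");
                FileDownloader fileDownloader = new FileDownloader(resource);
                fileDownloader.setOverrideContentType(true);
                fileDownloader.extend(download);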
                
                • 5. Re: Open PDF, content security policy
                  kerrishotts Adobe Community Professional

                  I'm not familiar with the Vaadin framework, but a quick Google search indicates that it is a server-side framework. Are you trying to run the above code on the device? (In which case, it won't work -- PhoneGap doesn't understand server-side languages) Or are you interacting with the above via XHR or some other kind of redirect? If so, understand that PhoneGap is also not a browser -- it doesn't provide a lot of the UI that a normal browser would provide, including download windows and such. For saving content to your user's device you should use the File Transfer plugin, or better yet, XHR + File plugin.

                  • 6. Re: Open PDF, content security policy
                    christianh77553045 Level 1

                    Hi,

                     

                    Vaadin Framework provides two development models for web applications: for the client-side (the browser) and for the server-side.

                    The client-side model allows developing widgets and applications in Java, which are compiled to JavaScript and executed in the browser.

                     

                    My app works well with PhoneGap on an iOS device but not on Android. That is the reason why I think my Vaadin code is fine. I still think it's a permission problem.

                    As you can see in the screenshot above, the generated PDF file (Maklermandat.pdf) should be at http://myvero.goip.de/myVero2/APP/connector/1/181/url/Maklermandat.pdf on the Tomcat server, but that is not the case when I run the app on Android.

                    In the screenshot you can see that the connection was canceled, but why???

                     

                     

                    • 7. Re: Open PDF, content security policy
                      christianh77553045 Level 1

                       

                      On the left side you can see the debug screen when I run the app with PhoneGap and on the right when I run it on the same device just inside Android's Chrome browser.

                      In the browser it works fine.

                      • 8. Re: Open PDF, content security policy
                        kerrishotts Adobe Community Professional

                        What does the code that initiates the PDF download request look like?

                         

                        By doing this in Vaadin, you're out of most of my areas of expertise; it's one thing to debug JavaScript code, another to debug code on an unfamiliar framework. I'm still not entirely sure what you're even trying to do -- are you trying to upload a file to the server or download it? Because the screenshot on the right in your last image indicates a POST, which indicates to me that you're trying to upload something, not download it.

                         

                        If I had to guess, it's possible it could be related to CORS, though that doesn't 100% explain why iOS is fine. It might help to see your entire config.xml file (minus identifying/private information).

                        • 9. Re: Open PDF, content security policy
                          jcesarmobile_ Level 3

                          Android WebView can't download files either, so that might be the problem you are facing.

                          That might explain why it works on Chrome and not in Phonegap apps.

                          When you try it on Chrome, does it display the PDF file in Chrome? Or does it download the file and use another app to show the PDF?

                          If it's downloading the file, then that won't work on a Phonegap app.

                          • 10. Re: Open PDF, content security policy
                            christianh77553045 Level 1

                            Hi Kerri, thank you for your help!

                             

                            I am trying to download a PDF file which I get from a database as a stream. Today I ran the app with an old PhoneGap version that I built a long time ago. It runs fine on Android and opened the PDF file. I think the old version was without the whitelist plugin.

                            That is why I still think it is a permission problem. I attached my config.xml and index.html files. Maybe you can have a look.

                             

                            Dropbox - config.xml

                             

                            Dropbox - index.html

                             

                            Best regards

                             

                            Christian