Google's PDF embed doesn't work on Android webview, any alternatives?

Question

I would like to show a PDF in an application embedded in a WebView. It works fine until I would like to use get parameters in the URL.

So for example this works well:

https://drive.google.com/viewerng/viewer?embedded=true&param=1&url=http://africau.edu/images/default/sample.pdf

But as soon as I put a get parameter in the given URL which I cannot show for security reasons, it doesn't work, for example:

https://drive.google.com/viewerng/viewer?embedded=true&url=http://{anydomain}/any.php?args1=1&args2=2

Downloading and showing then deleting the pdf is not an option since the business model of the given application. Since the information in the given PDFs is sensitive. I must show an embedded PDF from a URL and no matter where I search I only found this solution, Google's drive embed which is horrible from many points of view but the worst is that it doesn't handle well GET params.

Any tips?

EDIT 1:

I tried URL encoding. Same result in Android's WebView. And I experience the same WITHOUT encoding in PC browsers do I don't think the problem is with encoding or is it?

Create your own server that converts PDFs to images, and create your own viewer page that displays those images. — CommonsWare, Aug 05 '21 at 13:29
How do you know this is a matter of GET parameters and not, for example, cookies? — user3840170, Aug 10 '21 at 11:39
Also, if you’re not comfortable sharing the URL with us, why are you comfortable sharing it with Google’s proxy servers? — user3840170, Aug 14 '21 at 17:00
You will need to white list the URL that you are going to use for pdf. — Tejas Dhawale, Aug 16 '21 at 06:11

user3840170 · Answer 1 · 2021-08-19T13:09:38.337

Using Google’s proxy is a wrong solution for the problem stated in the question. Despite the question body stating ‘Downloading and showing then deleting the pdf is not an option’, this is actually the only remotely sensible option: embed a PDF renderer in your application, then download the PDF into a private application storage and use your built-in renderer to view it. Though remember it is still possible to capture the file in transit by MITM-ing the device, or at rest (when it’s in temporary storage, private or not) with a rooted phone, so preventing the file from being saved on the device (in the public area) amounts to little more than annoying security theatre anyway.

That said, you should really percent-escape the URI.

Since I am too lazy to start up my own web server, I verified this with Pipedream. I signed up for the free plan, opened https://drive.google.com/viewerng/viewer?embedded=true&param=1&url=https://███████████████.m.pipedream.net/blah%3Ffoobar=barfoo%26quux=12345 (corresponding to https://███████████████.m.pipedream.net/blah?foobar=barfoo&quux=12345; note the escaped ? and &) and this is what I got in the console:

Clearly the query parameters are passed correctly, as long as the drive.google.com endpoint receives them escaped. In your case, the URL should be https://drive.google.com/viewerng/viewer?embedded=true&url=http://{anydomain}/any.php%3Fargs1=1%26args2=2. If this still doesn’t work in your case even if you correctly perform the appropriate escaping, your problem is something else. Without knowing your configuration in more detail, I will not be able to tell what it is: it may be a matter of appropriate session cookies not being sent, or the server may be banning Google’s IP addresses (after all, the PDF is requested by Google servers).

I don't understand most of your saying but as I stated in my question, I tried URL encoding. Is it the same thing as "percent-escape" which you mention? Also, I don't see your example, only an error message: "No preview available". — Adam Varhegyi, Aug 14 '21 at 11:53
@AdamVarhegyi I redacted the domain name; this is not a readily-viewable URL. This is just an example showing that parameters are passed correctly if they are escaped correctly. If you do the same, then the problem isn’t the URL parameters, but something else, which may depend on details you have not shared. — user3840170, Aug 14 '21 at 13:45

score 1 · Answer 2 · answered Aug 10 '21 at 13:33

To load pdf in webview you have to set some webview settings. This is how I load pdf in webview. it is working for me:

private fun init() {
        val bundle = intent.extras
        if (bundle != null) {
            pdfFile = bundle.getString(IntentValue.pdfFile)!!
            slug = bundle.getString(IntentValue.title)!!

            webView.scrollBarStyle = View.SCROLLBARS_OUTSIDE_OVERLAY

            webView.settings.javaScriptEnabled = true
            webView.settings.allowFileAccessFromFileURLs = true
            webView.settings.allowUniversalAccessFromFileURLs = true
            webView.settings.builtInZoomControls = true
            webView.settings.javaScriptEnabled = true
            webView.settings.pluginState = WebSettings.PluginState.ON
            webView.settings.domStorageEnabled = true
            webView.settings.loadWithOverviewMode = true

            webView.loadUrl("https://docs.google.com/viewer?url=$pdfFile")

            webView.webViewClient = object : WebViewClient() {
                override fun onPageFinished(view: WebView, url: String) {

                    if (view.title.equals("")) {
                        progress.visibility = View.VISIBLE
                        view.reload()
                    } else {
                        progress.visibility = View.GONE
                    }

                    view.settings.loadsImagesAutomatically = true

                }

                override fun shouldOverrideUrlLoading(view: WebView, url: String?): Boolean {
                    if (url!!.endsWith(".pdf")) {
                        val intent = Intent(Intent.ACTION_VIEW)
                        intent.setDataAndType(Uri.parse(url), "application/pdf")
                        try {
                            startActivity(intent)
                        } catch (e: ActivityNotFoundException) {
                        }
                    } else {
                        webView.loadUrl("https://docs.google.com/viewer?url=$pdfFile")
                    }
                    return true
                }

                override fun onReceivedError(
                    view: WebView?,
                    errorCode: Int,
                    description: String?,
                    failingUrl: String?
                ) {
                    toast(description!!)
                }
            }

        }

        if (getStoragePermission()) {
            if (checkDocumentDownloaded("$slug.pdf")) {
                ivDownload.setImageResource(R.drawable.ic_downloaded)
            } else {
                ivDownload.setImageResource(R.drawable.ic_download)
            }
        }

        clickListener()
    }

    private fun checkPageFinished() {
        if (webView.contentHeight === 0) {

            webView.postDelayed(
                {
                    webView.loadUrl("https://docs.google.com/viewer?url=$pdfFile")
                },
                1000
            )
            webView.postDelayed(
                {
                    if (webView.contentHeight === 0) {
                        checkPageFinished()
                    }
                },
                1500
            )
        }
    }

score -1 · Answer 3 · answered Aug 05 '21 at 13:40

-1

You should URL encode every parameter. You can't add ? like you did

answered Aug 05 '21 at 13:40

alexrait

407
3
15

Care to elaborate? I have the same result with after encoding the whole url. Also, it doesn't work in pc browser neither without encoded, so I don't think it is the problem? – Adam Varhegyi Aug 10 '21 at 10:24

Google's PDF embed doesn't work on Android webview, any alternatives?

3 Answers3