The OpenD Programming Language

ICoreWebView2NavigationStartingEventArgs3

Undocumented in source.
version(Windows && inline_webview2_bindings && all)
interface ICoreWebView2NavigationStartingEventArgs3 : ICoreWebView2NavigationStartingEventArgs2 {
static const
GUID iid;
}

Members

Functions

get_NavigationKind
HRESULT get_NavigationKind(COREWEBVIEW2_NAVIGATION_KIND* navigation_kind)

Get the navigation kind of this navigation.

Inherited Members

From ICoreWebView2NavigationStartingEventArgs2

get_AdditionalAllowedFrameAncestors
HRESULT get_AdditionalAllowedFrameAncestors(LPWSTR* value)

Get additional allowed frame ancestors set by the host app.

put_AdditionalAllowedFrameAncestors
HRESULT put_AdditionalAllowedFrameAncestors(LPCWSTR value)

The app may set this property to allow a frame to be embedded by additional ancestors besides what is allowed by http header X-Frame-Options and Content-Security-Policy frame-ancestors directive. If set, a frame ancestor is allowed if it is allowed by the additional allowed frame ancestors or original http header from the site. Whether an ancestor is allowed by the additional allowed frame ancestors is done the same way as if the site provided it as the source list of the Content-Security-Policy frame-ancestors directive. For example, if https://example.com and https://www.example.com are the origins of the top page and intermediate iframes that embed a nested site-embedding iframe, and you fully trust those origins, you should set this property to https://example.com https://www.example.com. This property gives the app the ability to use iframe to embed sites that otherwise could not be embedded in an iframe in trusted app pages. This could potentially subject the embedded sites to Clickjacking attack from the code running in the embedding web page. Therefore, you should only set this property with origins of fully trusted embedding page and any intermediate iframes. Whenever possible, you should use the list of specific origins of the top and intermediate frames instead of wildcard characters for this property. This API is to provide limited support for app scenarios that used to be supported by <webview> element in other solutions like JavaScript UWP apps and Electron. You should limit the usage of this property to trusted pages, and specific navigation target url, by checking the Source of the WebView2, and Uri of the event args.

Meta