Customize web-view access to HTTP resources and URL schemes
The web-view component enforces strict access control to mitigate security risks, allowing only HTTPS resources to load by default. To customize access to HTTP resources or custom URL schemes (e.g., mailto), the super app must define an allowlist by implementing the GRVNetworkRequestAllowDelegate protocol. This topic details the protocol's implementation and specifications.
Before you begin
To customize the web-view allowlist, ensure that the integrated iOS IAPMiniProgram SDK is version 2.65.0 or later. For more information, see SDK release notes.
Procedure
To customize the web-view allowlist, take the following steps:
Step 1: Implement GRVNetworkRequestAllowDelegate
Create a class that implements the GRVNetworkRequestAllowDelegate protocol. Within the class, implement the following optional methods as needed:
shouldAllowHttpRequest: Implement this method to allow specific HTTP resources.shouldAllowScheme: Implement this method to allow custom URL schemes.
For more information about the protocol and its defined methods, refer to GRVNetworkRequestAllowDelegate. The following code provides a sample implementation:
class DemoNetworkAllowedDelegateImpl: NSObject, GRVNetworkRequestAllowDelegate {
// Allow specific HTTP resources by checking the URL's domain (e.g., www.example.com)
func shouldAllowHttpRequest(_ url: String) -> Bool {
if let url = URL(string: url),
let host = url.host?.lowercased(),
host == "www.example.com" {
return true
}
return false
}
// Allow custom URL schemes (e.g., mailto)
func shouldAllowScheme(_ url: String) -> Bool {
if let scheme = NSURL.init(string: url)?.scheme as? String,
scheme == "mailto"
{
return true
}
return false
}
}Step 2: Configure networkAllowedDelegate
After the SDK is initialized, create an instance of GRVExtensionDelegate and assign the implementation (for example, DemoNetworkAllowedDelegateImpl in the sample) to the networkAllowedDelegate property. Refer to the following code for a sample configuration:
let extensionDelegate = GRVExtensionDelegate()
extensionDelegate.networkAllowedDelegate = DemoNetworkAllowedDelegateImpl()Protocol
GRVNetworkRequestAllowDelegate
The GRVNetworkRequestAllowDelegate protocol defines methods for the super app to customize web-view access to HTTP resources or custom URL schemes. When a non-HTTPS URL is requested in web-view, the SDK calls the super app's delegate methods to check the custom allowlist, determining whether to allow or block the request. Refer to the following code for the protocol definition:
@protocol GRVNetworkRequestAllowDelegate <NSObject>
@optional
- (BOOL)shouldAllowHttpRequest:(NSString *)url;
- (BOOL)shouldAllowScheme:(NSString *)url;
@endThe following table lists the details of the defined methods:
Method | Required | Description |
shouldAllowHttpRequest:url | No | Called by the SDK to check if a specific HTTP resource is allowed. For more information, refer to |
shouldAllowScheme:url | No | Called by the SDK to check if a custom URL scheme is allowed. For more information, refer to |
shouldAllowHttpRequest:url
Parameters
Parameter | Data type | Required | Description |
url | NSString | Yes | An absolute HTTP URL. The super app needs to parse the URL's domain to match the custom allowlist. |
Return value
Value | Description |
YES | Return this value if the parsed domain is in the allowlist, which allows |
NO | Return this value if the parsed domain is not in the allowlist, which blocks |
shouldAllowScheme:url
Parameters
Parameter | Data type | Required | Description |
url | NSString | Yes | An absolute URL whose scheme is neither HTTPS nor HTTP. The super app needs to parse the URL's scheme to match the custom allowlist. |
Return value
Value | Description |
YES | Return this value if the parsed URL scheme is in the allowlist, which allows |
NO | Return this value if the parsed URL scheme is not in the allowlist, which blocks |