iOS cannot preview RTF from React PWA - ios

We have a React PWA where we initially download RTF-Documents and save them to an indexDB. We use createObjectURL and an a with a.click() to simulate a download when the file is requested by the User.
The mimetype is set to application/rtf in the createObjectURL call.
However, on iOS (with Safari) the default "view" operation shows the following:
This file cannot be previewed
It might be corrupted or of an unknown file format.
The same file works from our "normal" webapp (i.e. file is served from a backend server). I tried to set the headers exactly like our backend server does, but it either doesn't show the "view" Button at all or it shows the error.
Any ideas how to set up the calls, so iOS will show the RTF correctly?

Related

Content Security Policy - Twitter Embedded Video

I have an embedded twitter video in a webview in a mobile app (Titanium, but this doesn't really matter). When I click play on the video I see this error:
Refused to display '[the url]' in a frame because an ancestor violates
the following Content Security Policy directive: "frame-ancestors *".
What is causing this issue is the fact that the webview content is being populated via a Hogan template that is loaded in from a local file path. I get the same error if I just copy the embed code into a file on my desktop and open the file in Chrome. It works fine in a webview in iOS and the local file works okay in Firefox, so this seems to be Chrome related.
Why is this failing with a wildcard for frame-ancestors?
Is there a way around this in my current setup?

Cordova on iOS shows broken image

I have a cordova app (cordova 5, ios 4) which uses Angular in the background.
I need to display an image (jpg) which I am downloading from my remote server via https.
However the image is always displayed as broken by the webview.
The image is included like this:
<img ng-src="{{picture}}">
I have tried 2 variants to include the picture:
displaying the image directly via the https url. I can open the url in both a desktop browser and the iPhone Safari browser and they display it correctly. In cordova it is shown as broken
downloading the image via File Transfer and then including the local image via a file:// link. Same problem.
What I have verified:
the image itself is correct as I can show it in a browser
the download itself works, the file transfer is correct
cordova has been set to allow all resources so it does not seem to be a problem of whitelisting
angulars sanitizing has also been adjusted so the links in the html are actually correct i.e. not modified
the server is sending the correct content-type which I have verified via wget
I am running out of ideas here.
It seems the browser view of Cordova on iOS (UIWebview) is more strict than a standalone browser. I tried to download the image via wget and then had a look at the content. It did not show any jpg header but was identified as text by the unix file command.
The http headers also showed no Content-Length.
Solution
The server side logic (spring) returned a byte[] but I did not include any transformation to it. So I changed by rest configuration on the web app to include a ByteArrayHttpMessageConverter:
<mvc:annotation-driven>
<mvc:message-converters>
<bean class="org.springframework.http.converter.ByteArrayHttpMessageConverter">
</bean>
<bean class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
</bean>
</mvc:message-converters>
</mvc:annotation-driven>
Then it worked. The browser seems to fix the missing file header and/or encoding (not sure what the exact error is) whereas the UIWebview doesn't do this.

add a response header to tell a browser to use a specific launch application

I want to tell a browser to in a header of the server response, to launch a specific application to open a specific file.
In particular if I want to view a pdf file (which is present on my server) on my browser, in safari (iPad), using iBooks, how do I do it?
I specify the mime-type of the requested (http request) file (in this case application/pdf) and the content disposition in the response header, but when the pdf file opens, I can view only the first page, I don't get an option to scroll down to view other pages in the pdf file. I have this issue on the browser Safari (iPad). I'm writing the server side code, processing the http request.
You cannot possibly instruct the device to use a specific application for your file.

How to add a link to start a file download in a Rails Facebook canvas app

In our Rails app that runs in Facebook canvas, we have a workflow where a logged in user can build a document and then download it.
When the file is ready we show a link to it. This is just a Rails action that renders using send_file in dev or head (with proper NGINX config) in production. This part works fine.
In order to have the file start downloading without opening a new browser tab, we had the link target an empty iframe.
This was working, but a while back, presumably due to a security change by Facebook, our link stopped working. The JavaScript errors show:
Refused to display document because display forbidden by X-Frame-Options.
Users can still open the link in a new tab and it will download the file and a quick fix is to make the link open a new browser tab, but that isn't as good of a user experience.
We tried changing the X-Frame-Options in the headers and/or using meta tags, but this is canvas (running in an iframe), so that just stopped those views from displaying.
I also tried this form solution, but it didn't do anything (I could have been doing it wrong).
Is there any way we can build a button or link that will start the file download without opening a new browser tab?
Do you need to set the target at all? With no target set would it not trigger a file download popup in the browser, but leave the current browser window/tab on the same content?

Direct file download vs reading a file back as download

Is there any difference between creating a direct link to a file on a server, and doing something like reading the file from a location and setting the content type header then streaming back the data.
I'm curious because I have a webserver that i'm using to download apps to a blackberry, if i create a file and have a direct link to that file it works, but if i stream it back using an webpage it doesn't work. The phone gets the file but it doesn't work.
Things to note:
urls are the same in both cases ie (http://somesite.com/download/file.jad)
in a browser using fiddler the downloads/header are exactly the same byte for byte
So why would the phone prefer a file that's actually a direct link vs one that is a controller streaming the data back when the data transmitted and the url are identical?
The .JAD file is just the first part of the download - there are also the .COD files associated with it (referenced in the JAD). Did you ensure that your "streaming" method is sending back the COD file correctly and with the correct MIME types?
I discovered a fix for this problem though I'm still not sure what causes it. I have been delivering the link to the phone through the sms/email gateway. When the phone gets the sms and I select the link for download it asks if i want to get the jad i hit yes and it shows up and drop out. I put the exact same link on another page as an html link and sent an sms pointing to that page. The web site throws an error... So I copied and pasted the link into the phones browser and the page shows up just fine, I click the jad download link on the page and now the jad works fine.
So i'm thinking two things either there is some sort of security mechanism that prevents direct links in sms(but this has worked for other files) Or the way the phone gets the url is different.
I ran some tests and noticed something else, on a page that accepts an id value (http://site.com/download/145) where 145 is an id for a file, if you go to that link in a phone browser it works fine and you download the file. If you send it in an sms the server errors out saying that the id is expected to be a float and it received a string. So why is it that when the phone links directly from sms the url parameters are strings but when used in a browser the actually get parsed as a float?
Sorry for the long winded explanation but it's a strange issue.

Resources