search

CommunityToolkit / Microsoft.Toolkit.Win32

ARCHIVE - This repository contained XAML Islands wrapper controls and tooling for XAML Islands with WinUI 2, see readme for more info about XAML Islands with WinUI 3 and the WindowsAppSDK.
https://aka.ms/windowsappsdk
Other
383 stars 89 forks source link

Need an API to clear WebView cache/stored passwords #33

Open purani opened 6 years ago

purani commented 6 years ago

I'm submitting a...

Feature request

Current behavior

WebView class does not provide a method to clear cache.

Expected behavior

Clear method in WebView to clear cache

Minimal reproduction of the problem with instructions

Suppose you need to clear cached aspx pages to fetch them from server, there is no exposed method to achieve it.

Environment

Nuget Package(s): Microsoft.Toolkit.Win32.UI.Controls

Package Version(s): 3.0.0

Windows 10 Build Number:
- [ ] Creators Update (15063)
- [ ] Fall Creators Update (16299)
- [x] April 2018 Update (17134)
- [ ] Insider Build (build number: )

App min and target version:
- [ ] Creators Update (15063)
- [ ] Fall Creators Update (16299)
- [x] April 2018 Update (17134)
- [ ] Insider Build (xxxxx)

Device form factor:
- [ ] Desktop
- [ ] Mobile
- [ ] Xbox
- [ ] Surface Hub
- [ ] IoT

Visual Studio 
- [ ] 2017 (version: )
- [ ] 2017 Preview (version: )
kbrons commented 6 years ago

I've been doing some research, but I haven't found a way to clean the cache on the WebView implementation we are using. @nmetulev do you know someone who might have a better understanding of this control?

JohnnyWestlake commented 6 years ago

WebView uses the same WinINET cache the UWP HttpClient uses... Which doesn't let you clear it's cache. (Unless you break outside the sandbox). You can optionally use a custom HttpRequestMessage during navigation with custom cache headers if the server responds to them properly.

dckorben commented 6 years ago

It might help devs who missed the no-cache headers initially. If you remove the specific cached files located in C:\Users\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\AC that will effectively reset the webview. Obviously, of no use in deployed apps and incredibly poor hack but it helped me clear the cache to get the headers on the docs that were influx so testing could continue.

rjmurillo commented 5 years ago

@joshholmes FYI

verelpode commented 5 years ago

Me too! Although Windows.UI.Xaml.Controls.WebView.ClearTemporaryWebDataAsync exists, this ClearTemporaryWebDataAsync method doesn't exist in Microsoft.Toolkit.Wpf.UI.Controls.WebView nor in Windows.Web.UI.Interop.WebViewControl. However, ClearTemporaryWebDataAsync is a static method therefore could be invoked anyway. Is it acceptable/compatible to invoke ClearTemporaryWebDataAsync in a WPF app that is using Microsoft.Toolkit.Wpf.UI.Controls.WebView?

@purani asked about clearing stored passwords. I haven't checked whether ClearTemporaryWebDataAsync clears passwords. The documentation says only: "Clears the WebView 's cache and IndexedDB data." Unfortunately it doesn't mention what happens with stored passwords and cookies.

If you use WebViewControlProcess and you terminate your instance and start up a new process/instance, what happens to session state, cookies, passwords?

What's the best way to clear everything in WebView on a shared computer before a different person starts using the computer? To switch to a different person, cookies and passwords need to be deleted, but it's not strictly necessary to delete cached HTML pages, JPEG files, etc. However for extra security, it's good to have the option to also delete all cached files.

The following was a technique for Internet Explorer. Should it be used in conjunction with WebView? Obviously this is only possible outside of the sandbox, such as when WebView is used in a WPF app.

System.Diagnostics.Process.Start("rundll32.exe", "InetCpl.cpl,ClearMyTracksByProcess " + flags);

Here's another ugly hack that was possible with WPF's System.Windows.Controls.WebBrowser. I don't know what happens if you try to use this in conjunction with WebView.

InteropServices.Marshal.WriteInt32(buf, INTERNET_SUPPRESS_COOKIE_PERSIST);
if (!InternetSetOption(IntPtr.Zero, INTERNET_OPTION_SUPPRESS_BEHAVIOR, buf, 4)) _ThrowLastWin32Error();
...and later do:
InternetSetOption(IntPtr.Zero, INTERNET_OPTION_END_BROWSER_SESSION, IntPtr.Zero, 0);
verelpode commented 5 years ago

InPrivate mode to support multi-user scenarios:

It would be very useful if WebView (both Microsoft.Toolkit.Wpf.UI.Controls.WebView and Windows.UI.Xaml.Controls.WebView) supported a mode equivalent to the InPrivate mode in the full MS Edge app. This is especially useful to protect/isolate one person's browsing session from the next person's browsing session, so that the next person/user doesn't gain access to the previous person's cookies/sessions/passwords. When a web-enabled computing device is used by multiple different customers or staff members, and one person logs into their web-based email or whatever, this session/cookie data needs to be deleted before the next customer or staff member uses the computing device. This is a major issue for us.

The idea is that you'd create an "InPrivateSession" object and use the same InPrivateSession instance with multiple WebView instances. When you dispose/end the InPrivateSession instance, it should delete all cookies/sessions/passwords that were created during/inside that InPrivateSession instance. Thus an InPrivateSession would be like a container that stores or records all cookies/sessions/passwords created in or during that InPrivateSession and deletes them when the InPrivateSession is disposed/ended. In other words, when a WebView is linked with an InPrivateSession instance, then the lifetime of new cookies should be limited to the lifetime of the InPrivateSession instance.

Regarding deletion of cached webpages, image files, etc, ideally this would be optional. I'd love to have a setting that controls whether cache and cookies is deleted versus only cookies deleted. The problem with deleting all cached files is that it causes a lot of extra network traffic to repeatedly re-download the same files.

verelpode commented 5 years ago

I investigated further. An exception is thrown when I try to invoke the static method Windows.UI.Xaml.Controls.WebView.ClearTemporaryWebDataAsync in my test WPF app that uses Microsoft.Toolkit.Wpf.UI.Controls.WebView. Does a workaround exist?

System.Exception The application called an interface that was marshalled for a different thread. (Exception from HRESULT: 0x8001010E (RPC_E_WRONG_THREAD))

HResult: 0x8001010E Source: Windows.UI.Xaml Target Site/Method: Windows.Foundation.IAsyncAction ClearTemporaryWebDataAsync()

Stack Trace: at Windows.UI.Xaml.Controls.WebView.ClearTemporaryWebDataAsync() at TestWebView_Wpf.TesterPanel.OnClearCache

My test app is deliberately kept simple -- it does not create any new threads or dispatchers. I presume the RPC_E_WRONG_THREAD error is some side-effect of using XAML Islands.

Package version 6.0.0-preview7. .NET Framework v4.8 running in Windows 10 version 1903 (build 18362.267).

As an ugly workaround/hack until a proper solution is released, is it acceptable to clear WPF WebView's cache (or the whole computer's cache) by using P/Invoke in a WPF app to invoke DeleteUrlCacheEntry and DeleteUrlCacheGroup as described in the following MS webpage? https://docs.microsoft.com/en-us/windows/win32/wininet/caching

To delete cookies, how about:

Re the aforementioned INTERNET_SUPPRESS_COOKIE_PERSIST option with InternetSetOption, I haven't tested it with WPF WebView but I guess it doesn't work anymore because it would need to be set inside the WWAHost process instead of setting it inside your own app's process.

ArchieCoder commented 3 years ago

Each LOB UWP app that I worked with in the last 6 years have been affected by this lack of clearing cookies. This is even worse when the WebAuthenticationBrowser is used.

I see this issue over and over on the web. Please consider adding the feature.