CoreWebView2NavigationStartingEventArgs Class
Event args for the CoreWebView2.NavigationStarting event.
Summary
| Members | Description |
|---|---|
| AdditionalAllowedFrameAncestors | Additional allowed frame ancestors set by the host app. |
| Cancel | Determines whether to cancel the navigation. |
| IsRedirected | true when the navigation is redirected. |
| IsUserInitiated | true when the new window request was initiated through a user gesture. |
| NavigationId | Gets the ID of the navigation. |
| NavigationKind | Gets the navigation kind of the navigation. |
| RequestHeaders | Gets the HTTP request headers for the navigation. |
| Uri | Gets the uri of the requested navigation. |
Properties
AdditionalAllowedFrameAncestors
string AdditionalAllowedFrameAncestors
Additional allowed frame ancestors set by the host app.
The app may set this property to allow a frame to be embedded by additional ancestors besides what is allowed by http header X-Frame-Options and Content-Security-Policy frame-ancestors directive.
If set, a frame ancestor is allowed if it is allowed by the additional allowed frame ancestors or original http header from the site.
Whether an ancestor is allowed by the additional allowed frame ancestors is done the same way as if the site provided it as the source list of the Content-Security-Policy frame-ancestors directive.
For example, if https://example.com and https://www.example.com are the origins of the top page and intermediate iframes that embed a nested site-embedding iframe, and you fully trust those origins, you should set this property to https://example.com https://www.example.com.
This property gives the app the ability to use iframe to embed sites that otherwise could not be embedded in an iframe in trusted app pages.
This could potentially subject the embedded sites to Clickjacking attack from the code running in the embedding web page. Therefore, you should only set this property with origins of fully trusted embedding page and any intermediate iframes.
Whenever possible, you should use the list of specific origins of the top and intermediate frames instead of wildcard characters for this property.
This API is to provide limited support for app scenarios that used to be supported by <webview> element in other solutions like JavaScript UWP apps and Electron.
You should limit the usage of this property to trusted pages, and specific navigation target url, by checking the CoreWebView2.Source, and CoreWebView2NavigationStartingEventArgs.Uri.
This property is ignored for top level document navigation.
Cancel
bool Cancel
Determines whether to cancel the navigation.
If set to true, the navigation is no longer present and the content of the current page is intact. For performance reasons, GET HTTP requests may happen, while the host is responding. You may set cookies and use part of a request for the navigation. Navigations to about schemes are cancellable, unless msWebView2CancellableAboutNavigations feature flag is disabled. Cancellation of frame navigation to srcdoc is not supported and will be ignored.
IsRedirected
readonly bool IsRedirected
true when the navigation is redirected.
IsUserInitiated
readonly bool IsUserInitiated
true when the new window request was initiated through a user gesture.
Examples of user initiated requests are:
- Selecting an anchor tag with target
- Programmatic window open from a script that directly run as a result of user interaction such as via onclick handlers. Non-user initiated requests are programmatic window opens from a script that are not directly triggered by user interaction, such as those that run while loading a new page or via timers. The Microsoft Edge popup blocker is disabled for WebView so the app is able to use this flag to block non-user initiated popups.
NavigationId
readonly uint64_t NavigationId
Gets the ID of the navigation.
NavigationKind
readonly CoreWebView2NavigationKind NavigationKind
Gets the navigation kind of the navigation.
RequestHeaders
readonly CoreWebView2HttpRequestHeaders RequestHeaders
Gets the HTTP request headers for the navigation. Note, you are not able to modify the HTTP request headers in a CoreWebView2.NavigationStarting event.
Uri
readonly string Uri
Gets the uri of the requested navigation.