Search code examples
javajavafxwebviewwebengine

Cannot sign in to Google in JavaFX WebView

I cannot sign in to Google in JavaFX WebView. The page doesn't load when I click the 'Next' button.

Other logins on different websites work fine.

Here is an example you can run:

import javafx.application.Application;
import javafx.scene.Scene;
import javafx.scene.layout.StackPane;
import javafx.scene.web.WebEngine;
import javafx.scene.web.WebView;
import javafx.stage.Stage;

public class App extends Application
{
    @Override
    public void start(Stage primaryStage) throws Exception
    {
        WebView browser = new WebView();

        WebEngine webEngine = browser.getEngine();

        webEngine.load("https://calendar.google.com");

        StackPane root = new StackPane();
        root.getChildren().add(browser);

        primaryStage.setScene(new Scene(root, 600, 600));
        primaryStage.show();
    }

    public static void main(String[] args)
    {
        launch(args);
    }
}

Screenshot here

Solution

  • Short Version:

    Add the following line to your main method, before you load the page:

    System.setProperty("sun.net.http.allowRestrictedHeaders", "true");

    Long Version:

    My first instinct was that JavaScript wasn't working, but I tested dummy emails and correctly got the error:

    Couldn't find your Google Account

    So it seemed like some JavaScript was working, but not the part which enabled the user to continue to enter their password. I added the following listener to listen for console errors, which I found here:

    com.sun.javafx.webkit.WebConsoleListener.setDefaultListener(
    (webView, message, lineNumber, sourceId) ->
        System.out.println("Console: [" + sourceId + ":" + lineNumber + "] " + message)
);

    This resulted in the following error:

    Console: [null:0] XMLHttpRequest cannot load https://ssl.gstatic.com/accounts/static/_/js/blahblahblah
    Origin https://accounts.google.com is not allowed by Access-Control-Allow-Origin.

    This is a security feature called Same-Origin Policy. It's designed to stop pages being able to load scripts from potentially malicious third-party websites.

    I searched for "Same Origin Policy JavaFX" and found the following question which will solve your problem.

    The full application with both the fix and the additional logging is:

    public class CalendarController extends Application
{
    @Override
    public void start(Stage primaryStage) throws Exception
    {
        WebView browser = new WebView();

        WebEngine webEngine = browser.getEngine();

        com.sun.javafx.webkit.WebConsoleListener.setDefaultListener(
            (webView, message, lineNumber, sourceId)-> System.out.println("Console: [" + sourceId + ":" + lineNumber + "] " + message)
        );

        webEngine.load("http://calendar.google.com");

        StackPane root = new StackPane();
        root.getChildren().add(browser);

        primaryStage.setScene(new Scene(root, 600, 600));
        primaryStage.show();
    }

    public static void main(String[] args)
    {
        System.setProperty("sun.net.http.allowRestrictedHeaders", "true");
        launch(args);
    }
}