![Apple's M5 iPad Pro Enters Advanced Testing for 2025 Launch [Gurman]](https://www.iclarified.com/images/news/96865/96865/96865-640.jpg)
![M5 MacBook Pro Set for Late 2025, Major Redesign Waits Until 2026 [Gurman]](https://www.iclarified.com/images/news/96868/96868/96868-640.jpg)
![Apple to Revamp Health App with AI-Powered Doctor [Gurman]](https://www.iclarified.com/images/news/96870/96870/96870-640.jpg)
![What Google Messages features are rolling out [March 2025]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2023/12/google-messages-name-cover.png?resize=1200%2C628&quality=82&strip=all&ssl=1)
![[The AI Show Episode 141]: Road to AGI (and Beyond) #1 — The AI Timeline is Accelerating](https://www.marketingaiinstitute.com/hubfs/ep%20141.1.png)
![[The AI Show Episode 140]: New AGI Warnings, OpenAI Suggests Government Policy, Sam Altman Teases Creative Writing Model, Claude Web Search & Apple’s AI Woes](https://www.marketingaiinstitute.com/hubfs/ep%20140%20cover.png)
![[The AI Show Episode 139]: The Government Knows AGI Is Coming, Superintelligence Strategy, OpenAI’s $20,000 Per Month Agents & Top 100 Gen AI Apps](https://www.marketingaiinstitute.com/hubfs/ep%20139%20cover-2.png)
![Charging clients to use an open source software and proprietary modules [closed]](https://cdn.sstatic.net/Sites/softwareengineering/Img/apple-touch-icon@2.png?v=1ef7363febba)
![From broke musician to working dev. How college drop-out Ryan Furrer taught himself to code [Podcast #166]](https://cdn.hashnode.com/res/hashnode/image/upload/v1743189826063/2080cde4-6fc0-46fb-b98d-b3d59841e8c4.png?#)
![[FREE EBOOKS] The Ultimate Linux Shell Scripting Guide, Artificial Intelligence for Cybersecurity & Four More Best Selling Titles](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
.png?#)
Intercepting requests from WebView
Have you ever wondered how you can intercept ANY requests that your WebView makes in both Android and iOS? Well, turns out that this is possible and not so hard to do. Android For Android it's actually pretty simple! You need to create a custom web view client and override the shouldInterceptRequest function. So it would look like this: WebView(context).apply { ... webViewClient = object : WebViewClientCompat() { override fun shouldInterceptRequest( view: WebView, request: WebResourceRequest, ): WebResourceResponse? { val requestHost = request.url.host val isRequestAllowed = allowedHostsList.entries.any { it.host == requestHost } if (isRequestAllowed) { return null // Here you can return null or call super.shouldInterceptRequest(view, request) } return WebResourceResponse("text/html", "utf-8", 403, "Blocked", emptyMap(), ByteArrayInputStream(ByteArray(0))) } } ... } This method allows you to intercept the request and handle it as you may see fit. Remember that the request.url.host is a string that contains only the host, so no pathname or protocol there. If you want to get this information, you can get it from the request.url object. iOS For iOS it's not so straightforward. Actually there's no way to intercept the request, so we need to resort to a little trick. You can intercept navigation requests (going from one url to another), with WKNavigationDelegate, but not requests made by the javascript from the website, for example. To our rescue, we can use WKContentRuleList, which in essence is a list that works in the same way as the content blockers from Safari (the browser). We can use this content rule list to block requests to specific urls. First, we need to define the rule list, compile it and add to our webview. There's a gotcha, tough, we need to first block everything and then allow the domains we want (it's a trick, after all). The rule list is a simple json array: [ { "trigger": { "url-filter": ".*" }, "action": { "type": "block" } }, { "trigger": { "url-filter": "google.com" }, "action": { "type": "ignore-previous-rules" } } ] The composition of the rule is pretty simple, you have a trigger object, and a action one. The trigger key component is the url-filter, which accepts a regex to match the url, and .* will match all urls. The action key component is the type, which will define what will happen for the matched url. You can check the complete list of options for the trigger here and for the action block here. In this example, we first block all requests, and then we allow only requests to google.com by defining the action of type ignore-previous-rules, which as the name implies, will ignore any rule that the url matched before. After having your list set up, you need to compile and apply it to the userContentController. let contentRulesList = """ [ { "trigger": { "url-filter": ".*" }, "action": { "type": "block" } }, { "trigger": { "url-filter": "google.com" }, "action": { "type": "ignore-previous-rules" } } ] """ let compiledContentRulesList = try await WKContentRuleListStore .default() .compileContentRuleList( forIdentifier: "MyAppList", encodedContentRuleList: contentRulesList ) webViewConfiguration.userContentController .add(compiledContentRulesList!) After that, you are all set! Conclusion Now you know how to intercept and block/allow requests for webviews in both android and iOS. For android it's pretty simple and straighforward, but for iOS we need the WKContentRuleList trick. Hopefully we will have a more direct way in the future. Thanks for reading! If you have any questions, let me know.
Have you ever wondered how you can intercept ANY requests that your WebView makes in both Android and iOS?
Well, turns out that this is possible and not so hard to do.
Android
For Android it's actually pretty simple! You need to create a custom web view client and override the shouldInterceptRequest function. So it would look like this:
WebView(context).apply {
...
webViewClient =
object : WebViewClientCompat() {
override fun shouldInterceptRequest(
view: WebView,
request: WebResourceRequest,
): WebResourceResponse? {
val requestHost = request.url.host
val isRequestAllowed =
allowedHostsList.entries.any { it.host == requestHost }
if (isRequestAllowed) {
return null // Here you can return null or call super.shouldInterceptRequest(view, request)
}
return WebResourceResponse("text/html", "utf-8", 403, "Blocked", emptyMap(), ByteArrayInputStream(ByteArray(0)))
}
}
...
}
This method allows you to intercept the request and handle it as you may see fit. Remember that the request.url.host is a string that contains only the host, so no pathname or protocol there. If you want to get this information, you can get it from the request.url object.
iOS
For iOS it's not so straightforward. Actually there's no way to intercept the request, so we need to resort to a little trick. You can intercept navigation requests (going from one url to another), with WKNavigationDelegate, but not requests made by the javascript from the website, for example.
To our rescue, we can use WKContentRuleList, which in essence is a list that works in the same way as the content blockers from Safari (the browser).
We can use this content rule list to block requests to specific urls. First, we need to define the rule list, compile it and add to our webview. There's a gotcha, tough, we need to first block everything and then allow the domains we want (it's a trick, after all).
The rule list is a simple json array:
[
{
"trigger": {
"url-filter": ".*"
},
"action": {
"type": "block"
}
},
{
"trigger": {
"url-filter": "google.com"
},
"action": {
"type": "ignore-previous-rules"
}
}
]
The composition of the rule is pretty simple, you have a trigger object, and a action one.
The trigger key component is the url-filter, which accepts a regex to match the url, and .* will match all urls.
The action key component is the type, which will define what will happen for the matched url.
You can check the complete list of options for the trigger here and for the action block here.
In this example, we first block all requests, and then we allow only requests to google.com by defining the action of type ignore-previous-rules, which as the name implies, will ignore any rule that the url matched before.
After having your list set up, you need to compile and apply it to the userContentController.
let contentRulesList = """
[
{
"trigger": {
"url-filter": ".*"
},
"action": {
"type": "block"
}
},
{
"trigger": {
"url-filter": "google.com"
},
"action": {
"type": "ignore-previous-rules"
}
}
]
"""
let compiledContentRulesList = try await WKContentRuleListStore
.default()
.compileContentRuleList(
forIdentifier: "MyAppList",
encodedContentRuleList: contentRulesList
)
webViewConfiguration.userContentController
.add(compiledContentRulesList!)
After that, you are all set!
Conclusion
Now you know how to intercept and block/allow requests for webviews in both android and iOS.
For android it's pretty simple and straighforward, but for iOS we need the WKContentRuleList trick. Hopefully we will have a more direct way in the future.
Thanks for reading! If you have any questions, let me know.
