Webview KioskWeb Engine
JavaScript, DOM storage, cookies, cache, user agent, zoom
1. Enable JavaScript
When enabled, the WebView can execute JavaScript code on web pages.
This is required for most modern websites to function properly.
Android API: WebSettings#setJavaScriptEnabled(boolean)
Default: true
2. Enable DOM Storage
When enabled, websites can use DOM storage APIs such as localStorage and sessionStorage.
Useful for saving data client-side in the browser context.
Android API: WebSettings#setDomStorageEnabled(boolean)
Default: true
3. Accept Cookies
When enabled, the WebView allows websites to store and read cookies.
This includes first-party cookies that persist session or preference data.
Android API: CookieManager#setAcceptCookie(boolean)
Default: true
4. Accept Third-party Cookies
When enabled, third-party websites (embedded in iframes or resources) are allowed to set cookies.
This is important for services like embedded analytics or login widgets.
Android API: CookieManager#setAcceptThirdPartyCookies(android.webkit.WebView, boolean)
Default: false
5. Cache Mode
Controls how the WebView uses its cache when loading pages. Options:
- Default (
LOAD_DEFAULT) - Normal caching behavior; the WebView decides when to use cached content. - Cache else network (
LOAD_CACHE_ELSE_NETWORK) - Uses cached content if available; otherwise fetches from network. - No cache (
LOAD_NO_CACHE) - Always fetches from the network; ignores cached content. - Cache only (
LOAD_CACHE_ONLY) - Only loads content from cache; network requests are skipped.
Android API: WebSettings#LOAD_CACHE_ELSE_NETWORK
Default: LOAD_DEFAULT
6. User Agent
The User Agent string controls how the web engine identifies itself to websites. Some sites may behave differently depending on this value.
Leave blank to use the system default User Agent.
Android API: WebSettings#setUserAgentString(java.lang.String)
Default: (blank)
7. Layout Algorithm
Controls how the WebView arranges and scales content. Options:
- Normal - No rendering changes. Recommended for maximum compatibility across different platforms and Android versions.
- Single Column - Moves all content into one column that is the width of the view. Deprecated in API 29
- Narrow Columns - Makes all columns no wider than the screen if possible. Only use for API levels prior to KitKat. Deprecated in API 29
- Text Autosizing - Boosts font size of paragraphs based on heuristics to make text readable in wide-viewport layouts. Recommended to enable zoom support. Supported from API level KitKat.
Android API: WebSettings.LayoutAlgorithm
Default: NORMAL
8. Use Wide ViewPort
When enabled, the WebView will use a viewport wide enough to fit the content as if viewed on a desktop browser.
Android API: WebSettings#setUseWideViewPort(boolean)
Default: true
9. Load With Overview Mode
When enabled, the WebView scales the page so that the content fits on screen initially.
Android API: WebSettings#setLoadWithOverviewMode(boolean)
Default: true
10. Zoom Controls
10.1. Enable Zoom
Allows pinch-to-zoom gestures.
Android API: WebSettings#setBuiltInZoomControls(boolean)
Default: true
10.2. Display Zoom Controls
Shows on-screen zoom buttons.
Android API: WebSettings#setDisplayZoomControls(boolean)
Default: false
11. File Access
These settings are insecure and deprecated.
To access file:// URLs, you will also need to enable Web Content -> Allow Local Files, which will set
WebSettings#setAllowFileAccess(boolean)
accordingly.
11.1. Allow File Access from File URLs
This method was deprecated in API level 30.
Sets whether cross-origin requests in the context of a file scheme URL should be allowed to access content from other file scheme URLs. Note that some accesses such as image HTML elements don't follow same-origin rules and aren't affected by this setting.
Don't enable this setting if you open files that may be created or altered by
external sources. Enabling this setting allows malicious scripts loaded in a
file:// context to access arbitrary local files including WebView cookies and
app private data.
Android API: WebSettings#setAllowFileAccessFromFileURLs(boolean)
Default: false
11.2. Allow Universal Access from File URLs
This method was deprecated in API level 30.
Sets whether cross-origin requests in the context of a file scheme URL should be allowed to access content from any origin. This includes access to content from other file scheme URLs or web contexts. Note that some access such as image HTML elements doesn't follow same-origin rules and isn't affected by this setting.
Don't enable this setting if you open files that may be created or altered by
external sources. Enabling this setting allows malicious scripts loaded in a
file:// context to launch cross-site scripting attacks, either accessing
arbitrary local files including WebView cookies, app private data or even
credentials used on arbitrary web sites.
Android API: WebSettings#setAllowUniversalAccessFromFileURLs(boolean)
Default: false
12. Kiosk Control Panel Region
Controls which part of the screen can be multi-tapped 10 times in quick succession to show the Kiosk Control Panel.
| Option | Description |
|---|---|
TOP_LEFT | Upper-left quadrant of the screen. |
TOP_RIGHT | Upper-right quadrant of the screen. |
BOTTOM_LEFT | Lower-left quadrant of the screen. |
BOTTOM_RIGHT | Lower-right quadrant of the screen. |
TOP | Entire top half of the screen. |
BOTTOM | Entire bottom half of the screen. |
FULL | Entire screen. |
DISABLED | Touch regions are inactive - cannot open Kiosk Control Panel. |
default: TOP_LEFT
13. Media Playback Requires User Gesture
Sets whether the WebView requires a user gesture (e.g. tap) to play media.
Android API: WebSettings#setUseWideViewPort(boolean)
Default: true