HtmlViewer, Windows and Google account

Our application has to get back an API authorization key from Google after a connection to a google account.
We use an htmlviewer control to display the connection page and let the user enter his credentials and authorize the use of the API. Then the application get the key from the url provided by Google.
On macos, we have no problem.
On Windows (10 or 11), we can’t ! Google decides that “our web browser is unsecured and we MUST choose an other browser”.
htmlviewer’s renderer is set either to Native or WebKit.
We have this problem with all releases of Xojo

How can we solve this (huge) issue ?

Oh ! I have the same problem

Here are the headers sent by HTMViewer on Windows :
“host”: “NNNNNNNN”,
“x-forwarded-for”: “”,
“connection”: “close”,
“accept”: “/”,
“accept-language”: “fr-FR,fr;q=0.5”,
“accept-encoding”: “gzip, deflate”,
“user-agent”: “Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E)”

And the ones sent by MS-EDGE (Windows 11)
“host”: “NNNNNNNN”,
“x-forwarded-for”: “”,
“connection”: “close”,
"upgrade-insecure-requests": “1”,
“user-agent”: “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Edg/103.0.1264.37”,
“accept”: “text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9”,
“accept-encoding”: “gzip, deflate”,
“accept-language”: “fr,fr-FR;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6”,
“if-none-match”: "W/“123b-UA6tLwp/gWeSN7kmaVglSriSzb8"”

There are big differences(in bold).

With 2022R2 : HTMLVIEWER on WINDOWS is still an unsecure webbrowser for Google !!!
We can’t do anything with Xojo and Google.
No way to change anything.

In Windows I use the HTMLViewerMBS from Monkeybread which fully supports Microsoft WebView. It solves a lot of problems for me and may help with this. And if it doesn’t then let Christian at Monkeybread know. He often solves such problems with a quick turn-around usually in a day or so. He’s the best.

It’s in his “MBS Xojo WinFrameworks Plugin”

If it is using OAuth2 then it could be that Google (like others) are starting to block embedded browsers due to security issues.

If that is the cause, you can refer to this recent forum thread where I mention some possible solutions:

What version of Xojo are you using? Webkit has been updated many times over the years and “Native” is no longer an option.

When I use me.LoadURL("") which is just an example from a tutorial I get a invalid clientid screen (expected) not a blank page.

HTMLViewer is NOT a browser.

With HTMLViewerMBS : same problem : unsecure browser or application…

Reach out to Christian at MBS and see if he can fix this:

Christian Schmitz

Understand :
Application tells the default webbrowser to do the job and to forward the GGL answer to her.
I wonder how to do that in Xojo (finding a free TCPPort, telling the Web Browser and getting back the answer)…
I wonder too why that’s run on Macos with the same HTMLViewer.

The Chilkat plugin seems to do the job.