public - Dave's Blog


Changing the User Agent string in UWP WebView

2018 Oct 23, 9:32

There's no perfect way to change the user agent string for the UWP WebView (x-ms-webview in HTML, Windows.UI.Xaml.Controls.WebView in XAML, and Windows.Web.UI.Interop.WebViewControl in Win32) but there are two imperfect methods folks end up using.

The first is to call UrlMkSetSessionOption. This is an old public API that allows you to configure various arcane options including one that is the default user agent string for requests running through urlmon. This API is allowed by the Microsoft Store for UWP apps. The change it applies is process wide which has two potential drawbacks. If you want to be able to have different UA strings set for different requests from a WebView that's not really possible with this solution. The other drawback is if you're using out of process WebView, you need to ensure you're calling into UrlMkSetSessionOption in the WebView's process. You'll need to write third party WinRT that calls UrlMkSetSessionOption, create the out of proc WebView, navigate it to some trusted local page, use AddWebAllowedObject or provide that URI WinRT access, and call into your third party WinRT. You'll need to do that for any new WebView process you create.

The second less generally applicable solution is to use NavigateWithHttpRequestMessage and set the User-Agent HTTP header. In this case you get to control the scope of the user agent string changes but has the limitations that not all sub resource downloads will use this user agent string and for navigations you don't initiate you have to manually intercept and re-request being careful to transfer over all POST body state and HTTP headers correctly. That last part is not actually possible for iframes.

PermalinkCommentsuser-agent uwp webview

Tweet from Seth Abramson

2017 Jan 22, 5:21
Retweet if you want networks to stop booking Kellyanne Conway, the first U.S. presidential counselor to openly advocate lying to the public.

Let's Encrypt Update

2016 Nov 5, 8:59

Since I had last posted about using Let's Encrypt with NearlyFreeSpeech, NFS has changed their process for setting TLS info. Instead of putting the various files in /home/protected/ssl and submitting an assistance request, now there is a command to submit the certificate info and a webpage for submitting the certificate info.

The webpage is{username}/sites/{sitename}/add_tls and has a textbox for you to paste in all the cert info in PEM form into the textbox. The domain key, the domain certificate, and the Let's Encrypt intermediate cert must be pasted into the textbox and submitted.

Alternatively, that same info may be provided as standard input to nfsn -i set-tls

To renew my certificate with the updated NFS process I followed the commands from Andrei Damian-Fekete's script which depends on

python --account-key account.key --csr domain.csr --acme-dir /home/public/.well-known/acme-challenge/ > signed.crt
wget -O - > intermediate.pem
cat domain.key signed.crt intermediate.pem > chained.pem
nfsn -i set-tls < chained.pem
Because my certificate had already expired I needed to comment out the section in that validates the challenge file. The filenames in the above map to the following:
  • signed.crt is the Let's Encrypt provided certificate
  • account.key is the user private key registered with LE
  • domain.csr is the cert request
  • domain.key is the key for the domain cert
PermalinkCommentscertificate lets-encrypt

Tweet from SwiftOnSecurity

2016 Oct 13, 11:02
Give flair to users with 2FA turned on. Make it a status symbol, then public shaming takes over. "U don't have 2FA what if you get hacked?"

Tweet from David Risney

2016 Oct 11, 5:49
"Trump’s One Public Service Was Exposing the Misogyny of the GOP" 

Tweet from Justin Wolfers

2016 Sep 13, 12:05
Here comes the latest income and poverty statistics... Be prepared to adjust your talking points... 

Tweet from David Risney

2016 Aug 18, 6:28
Is Internet a public place?  Place? No, a process that acts like place. Public? Sort of. See Mall related case law

WinRT Toast from PowerShell

2016 Jun 15, 3:54

I've made a PowerShell script to show system toast notifications with WinRT and PowerShell. Along the way I learned several interesting things.

First off calling WinRT from PowerShell involves a strange syntax. If you want to use a class you write [-Class-,-Namespace-,ContentType=WindowsRuntime] first to tell PowerShell about the type. For example here I create a ToastNotification object:

$toast = New-Object Windows.UI.Notifications.ToastNotification -ArgumentList $xml;
And here I call the static method CreateToastNotifier on the ToastNotificationManager class:
$notifier = [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier($AppUserModelId);
With this I can call WinRT methods and this is enough to show a toast but to handle the click requires a little more work.

To handle the user clicking on the toast I need to listen to the Activated event on the Toast object. However Register-ObjectEvent doesn't handle WinRT events. To work around this I created a .NET event wrapper class to turn the WinRT event into a .NET event that Register-ObjectEvent can handle. This is based on Keith Hill's blog post on calling WinRT async methods in PowerShell. With the event wrapper class I can run the following to subscribe to the event:

function WrapToastEvent {
param($target, $eventName);

Add-Type -Path (Join-Path $myPath "PoshWinRT.dll")
$wrapper = new-object "PoshWinRT.EventWrapper[Windows.UI.Notifications.ToastNotification,System.Object]";
$wrapper.Register($target, $eventName);

[void](Register-ObjectEvent -InputObject (WrapToastEvent $toast "Activated") -EventName FireEvent -Action {

To handle the Activated event I want to put focus back on the PowerShell window that created the toast. To do this I need to call the Win32 function SetForegroundWindow. Doing so from PowerShell is surprisingly easy. First you must tell PowerShell about the function:

Add-Type @"
using System;
using System.Runtime.InteropServices;
public class PInvoke {
[DllImport("user32.dll")] [return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetForegroundWindow(IntPtr hwnd);
Then to call:
[PInvoke]::SetForegroundWindow((Get-Process -id $myWindowPid).MainWindowHandle);

But figuring out the HWND to give to SetForegroundWindow isn't totally straight forward. Get-Process exposes a MainWindowHandle property but if you start a cmd.exe prompt and then run PowerShell inside of that, the PowerShell process has 0 for its MainWindowHandle property. We must follow up process parents until we find one with a MainWindowHandle:

$myWindowPid = $pid;
while ($myWindowPid -gt 0 -and (Get-Process -id $myWindowPid).MainWindowHandle -eq 0) {
$myWindowPid = (gwmi Win32_Process -filter "processid = $($myWindowPid)" | select ParentProcessId).ParentProcessId;
} c# powershell toast winrt

Tweet from David_Risney

2016 Feb 20, 1:40
Preview of Obama's post presidency standup tour @CSPANVL …

Retweet of NiemanLab

2016 Feb 3, 4:30
Public radio staffers across the U.S. lay out new guidelines for the "Wild West” of podcast audience measurement …

JavaScript Types and WinRT Types

2016 Jan 21, 5:35PermalinkCommentschakra development javascript winrt

Retweet of jonnysun

2016 Jan 6, 8:48
if ur nervouse abot public speakimg just imagine ur audiemce isnt wearimg any skin. just all fuly clothed skeletobs who wamt ur skin. Wait

Tweet from David_Risney

2016 Jan 3, 9:50 … New elements' "proposed names...will be open for public review for 5 months". How will the Internet ruin this? Hm

Retweet of emilyakopp

2015 Dec 21, 9:06
Florida man addicted to PAC …

Retweet of 18F

2015 Mar 16, 9:48
Today the White House is proposing an HTTPS-only standard for the entire federal government:  Public comment welcome!

Retweet of davemethvin

2015 Feb 5, 9:34
When when the defenders of synchronous AJAX appear for the 14th time … 

Houston, We Have A Public Domain Problem

2014 Jun 24, 3:18

A bogus SoundCloud takedown anecdote and a brief history of and issues with US copyright law.

Another reminder that the rest of the Western world has a public domain day every year in which new IP enters the public domain

PermalinkCommentslaw copyright

Netflix API : Retiring the Netflix Public API

2014 Jun 15, 3:02

First they came for our RSS feeds and I said nothing…

PermalinkCommentstechnical Netflix web api api

Search Art |

2014 Jan 22, 11:40

Various folks on OpenGameArt have converted the now public domain Glitch art assets into SVG and PNG.

PermalinkCommentsart glitch copyright game technical

URI functions in Windows Store Applications

2013 Jul 25, 1:00PermalinkCommentsc# c++ javascript technical uri windows windows-runtime windows-store
Older Entries Creative Commons License Some rights reserved.