Phonegap / Cordova whitelisted cross domain SSL request does not work after exporting the APK

I created a PhoneGap application that should communicate with a self-signed SSL service.

I included my URL in res/xml/cordova.xml like this:

    <access origin="https://www.mydomain.com" subdomains="true" />

and this works fine when I build and run it from Eclipse, but if I then export and sign the application and manually install the APK, the application is not able to contact my web service.

Communication with the server is performed using the Sencha Touch library as follows:

    Ext.Ajax.request({
        url: 'https://www.mydomain.com',
        method: 'get',
        success: function(result) { },
        failure: function(result) { }
    });

Any help is much appreciated.

+6
2 answers

The problem is that you are using a self-signed certificate. Android WebView does not allow self-signed SSL certificates by default. PhoneGap/Cordova overrides this in the CordovaWebViewClient class, but does not strongly reject its behavior; if the application is debug-signed, it will proceed and ignore the error, otherwise it will fail.

You can change the code associated with the code in your application and make the onReceivedSslError method always call handler.proceed() - but this is not recommended. Do not use a self-signed certificate!

+10

I did the following to get around the limitation (Cordova 1.7.0 is currently in use). This is definitely inherently unsafe:

    import android.net.http.SslError;
    import android.webkit.SslErrorHandler;
    import android.webkit.WebView;
    import org.apache.cordova.CordovaWebViewClient;
    import org.apache.cordova.DroidGap;

    public class MyWebViewClient extends CordovaWebViewClient {

        public MyWebViewClient(DroidGap ctx) {
            super(ctx);
        }

        @Override
        public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
            // testing against getPrimaryError() or hasErrors() will fail on Honeycomb or older.
            // You might check for something different, such as specific info in the certificate,
            //if (error.getPrimaryError() == SslError.SSL_IDMISMATCH) {
                handler.proceed();
            //} else {
            //    super.onReceivedSslError(view, handler, error);
            //}
        }
    }

and then in the main action:

    @Override
    public void init() {
        super.init();
        // pass in our webviewclient to override SSL error
        this.setWebViewClient(this.appView, new MyWebViewClient(this));
    }

+3
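
An added example, not code from either answer or from the Cordova project: a narrower variant of the override above that proceeds only when the presented certificate matches one pinned SHA-256 fingerprint, and cancels the load otherwise. The class name `PinnedWebViewClient`, the placeholder pin value, and the reliance on the undocumented `"x509-certificate"` bundle key of `SslCertificate.saveState()` are assumptions; it also assumes a platform where `SslError.hasError()` behaves as documented.

```java
import android.net.http.SslCertificate;
import android.net.http.SslError;
import android.os.Bundle;
import android.webkit.SslErrorHandler;
import android.webkit.WebView;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.apache.cordova.CordovaWebViewClient;
import org.apache.cordova.DroidGap;

public class PinnedWebViewClient extends CordovaWebViewClient {
    // Placeholder: hex SHA-256 of the server certificate's DER encoding.
    private static final String PINNED_SHA256_HEX = "REPLACE_WITH_64_HEX_CHARS";

    public PinnedWebViewClient(DroidGap ctx) { super(ctx); }

    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        // Tolerate only "untrusted issuer", and only for the pinned certificate;
        // expiry or hostname mismatch still aborts the load.
        boolean onlyUntrusted = error.hasError(SslError.SSL_UNTRUSTED)
                && !error.hasError(SslError.SSL_EXPIRED)
                && !error.hasError(SslError.SSL_NOTYETVALID)
                && !error.hasError(SslError.SSL_IDMISMATCH);
        if (onlyUntrusted && matchesPin(derBytes(error.getCertificate()))) {
            handler.proceed();
        } else {
            handler.cancel(); // fail closed, regardless of how the APK is signed
        }
    }

    // Assumption: saveState() stores the DER bytes under "x509-certificate".
    // If the key is absent this returns null and the pin check fails.
    static byte[] derBytes(SslCertificate cert) {
        Bundle state = SslCertificate.saveState(cert);
        return state == null ? null : state.getByteArray("x509-certificate");
    }

    static boolean matchesPin(byte[] der) {
        if (der == null) return false;
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(der);
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) hex.append(String.format("%02x", b));
            return hex.toString().equalsIgnoreCase(PINNED_SHA256_HEX);
        } catch (NoSuchAlgorithmException e) {
            return false; // fail closed
        }
    }
}
```

It is registered the same way as `MyWebViewClient` in `init()`. The pin has to be updated in the app whenever the server certificate is replaced.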

Source: https://habr.com/ru/post/917721/

