cordova-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Padfield (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CB-3576) Add support for interstitial user confirmation of self-signed SSL certs to CordovaWebView and InAppBrowser
Date Fri, 31 Jan 2014 12:54:10 GMT

    [ https://issues.apache.org/jira/browse/CB-3576?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13887708#comment-13887708
] 

Chris Padfield commented on CB-3576:
------------------------------------

The user confirmation would work well for us as well; we have a number of enterprise customers
where this is a problem and we can't tell them to change their network setup. Our only other
option is to rewrite in native which we would rather avoid!

> Add support for interstitial user confirmation of self-signed SSL certs to CordovaWebView
and InAppBrowser
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: CB-3576
>                 URL: https://issues.apache.org/jira/browse/CB-3576
>             Project: Apache Cordova
>          Issue Type: Improvement
>          Components: Android, iOS, Plugin InAppBrowser
>    Affects Versions: 2.7.0, 2.8.0
>         Environment: Android and iOS
>            Reporter: Montyleena
>            Priority: Minor
>              Labels: android, https, inappbrowser,, ios, ssl
>         Attachments: InAppBrowser.java
>
>
> Local https links are blocked by default in InAppBrowser (links using a local SSL certificate
which can't be verified by a 3rd party). Ideally, user should be given an option to proceed
or cancel the request like the default desktop/mobile browsers do. 
> Right now, we have to overwrite the following API in Android to access such URLs but
onReceivedSslError() function gets called only for the main PhoneGap window browser and not
for InAppBrowser.
> Create a new class:
> public class CustomWebViewClient extends CordovaWebViewClient {
> 	
> 	public static final String LOG_TAG = "Plugin";
> 	
> 	public CustomWebViewClient(DroidGap ctx) {
>         super(ctx);
>         Log.d(LOG_TAG, "Constructor!");
>     }
>     @Override
>     public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error)
{
>     	handler.proceed();
>     }
> }
> In the main class, we use our custom class as a web view client
>  CordovaWebViewClient webViewClient = new CustomWebViewClient(this);
>         webViewClient.setWebView(this.appView);
>         this.appView.setWebViewClient(webViewClient);
> And similar type of code needs to be written for iOS.
> InAppBrowser should pick up the SSL settings from the main web view and once we overwrite
the onReceivedSslError() function, then it should allow such URLs in the InAppBrowser too.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message