[
https://issues.apache.org/jira/browse/CB-3576?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13676949#comment-13676949
]
Montyleena commented on CB-3576:
--------------------------------
Hi,
I have attached the updated InAppBrowser.java file that fixes this issue and
allows one to ignore SSL certificate errors and open a self-signed certificate
based https URL in InAppBrowser (I generated a new cordova-2.7.0.jar with these
changes and tested the fix on Android). To ignore SSL certificate errors, the
user just needs to pass "ignoresslerror=yes" in window.open() function's 3rd
argument. Sample usage:
window.open(url, '_blank', 'location=yes,ignoresslerror=yes');
Similar code needs to be written for other platforms like iOS, Windows 8 etc.
Can anybody please let me know if this fix or a similar fix can be added in
future versions of PhoneGap?
> Privately signed https links don't work in InAppBrowser
> -------------------------------------------------------
>
> Key: CB-3576
> URL: https://issues.apache.org/jira/browse/CB-3576
> Project: Apache Cordova
> Issue Type: Bug
> Components: Plugin InAppBrowser
> Affects Versions: 2.7.0
> Environment: Android and iOS
> Reporter: Montyleena
> Assignee: Steve Gill
> Labels: android, https, inappbrowser,, ios, ssl
> Attachments: InAppBrowser.java
>
>
> Local https links are blocked by default in InAppBrowser (links using a local
> SSL certificate which can't be verified by a 3rd party). Ideally, user should
> be given an option to proceed or cancel the request like the default
> desktop/mobile browsers do.
> Right now, we have to overwrite the following API in Android to access such
> URLs but onReceivedSslError() function gets called only for the main PhoneGap
> window browser and not for InAppBrowser.
> Create a new class:
> public class CustomWebViewClient extends CordovaWebViewClient {
>
> public static final String LOG_TAG = "Plugin";
>
> public CustomWebViewClient(DroidGap ctx) {
> super(ctx);
> Log.d(LOG_TAG, "Constructor!");
> }
> @Override
> public void onReceivedSslError(WebView view, SslErrorHandler handler,
> SslError error) {
> handler.proceed();
> }
> }
> In the main class, we use our custom class as a web view client
> CordovaWebViewClient webViewClient = new CustomWebViewClient(this);
> webViewClient.setWebView(this.appView);
> this.appView.setWebViewClient(webViewClient);
> And similar type of code needs to be written for iOS.
> InAppBrowser should pick up the SSL settings from the main web view and once
> we overwrite the onReceivedSslError() function, then it should allow such
> URLs in the InAppBrowser too.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
