[ https://issues.apache.org/jira/browse/CB-3576?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13676949#comment-13676949 ]
Montyleena commented on CB-3576: -------------------------------- Hi, I have attached the updated InAppBrowser.java file that fixes this issue and allows one to ignore SSL certificate errors and open a self-signed certificate based https URL in InAppBrowser (I generated a new cordova-2.7.0.jar with these changes and tested the fix on Android). To ignore SSL certificate errors, the user just needs to pass "ignoresslerror=yes" in window.open() function's 3rd argument. Sample usage: window.open(url, '_blank', 'location=yes,ignoresslerror=yes'); Similar code needs to be written for other platforms like iOS, Windows 8 etc. Can anybody please let me know if this fix or a similar fix can be added in future versions of PhoneGap? > Privately signed https links don't work in InAppBrowser > ------------------------------------------------------- > > Key: CB-3576 > URL: https://issues.apache.org/jira/browse/CB-3576 > Project: Apache Cordova > Issue Type: Bug > Components: Plugin InAppBrowser > Affects Versions: 2.7.0 > Environment: Android and iOS > Reporter: Montyleena > Assignee: Steve Gill > Labels: android, https, inappbrowser,, ios, ssl > Attachments: InAppBrowser.java > > > Local https links are blocked by default in InAppBrowser (links using a local > SSL certificate which can't be verified by a 3rd party). Ideally, user should > be given an option to proceed or cancel the request like the default > desktop/mobile browsers do. > Right now, we have to overwrite the following API in Android to access such > URLs but onReceivedSslError() function gets called only for the main PhoneGap > window browser and not for InAppBrowser. > Create a new class: > public class CustomWebViewClient extends CordovaWebViewClient { > > public static final String LOG_TAG = "Plugin"; > > public CustomWebViewClient(DroidGap ctx) { > super(ctx); > Log.d(LOG_TAG, "Constructor!"); > } > @Override > public void onReceivedSslError(WebView view, SslErrorHandler handler, > SslError error) { > handler.proceed(); > } > } > In the main class, we use our custom class as a web view client > CordovaWebViewClient webViewClient = new CustomWebViewClient(this); > webViewClient.setWebView(this.appView); > this.appView.setWebViewClient(webViewClient); > And similar type of code needs to be written for iOS. > InAppBrowser should pick up the SSL settings from the main web view and once > we overwrite the onReceivedSslError() function, then it should allow such > URLs in the InAppBrowser too. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira