[jira] [Commented] (CB-3576) Privately signed https links don't work in InAppBrowser
[ https://issues.apache.org/jira/browse/CB-3576?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13693224#comment-13693224 ]

Andrew Grieve commented on CB-3576:
---

Another option would be to add a whitelist of acceptable https URLs in the app's config.xml. Would that suffice?

> Privately signed https links don't work in InAppBrowser
> ---
>
>                 Key: CB-3576
>                 URL: https://issues.apache.org/jira/browse/CB-3576
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Android, iOS, Plugin InAppBrowser
>    Affects Versions: 2.7.0, 2.8.0
>         Environment: Android and iOS
>            Reporter: Montyleena
>            Assignee: Steve Gill
>              Labels: android, https, inappbrowser,, ios, ssl
>         Attachments: InAppBrowser.java
>
>
> Local https links are blocked by default in InAppBrowser (links using a local
> SSL certificate which can't be verified by a 3rd party). Ideally, user should
> be given an option to proceed or cancel the request like the default
> desktop/mobile browsers do.
> Right now, we have to overwrite the following API in Android to access such
> URLs but onReceivedSslError() function gets called only for the main PhoneGap
> window browser and not for InAppBrowser.
> Create a new class:
> public class CustomWebViewClient extends CordovaWebViewClient {
>
>     public static final String LOG_TAG = "Plugin";
>
>     public CustomWebViewClient(DroidGap ctx) {
>         super(ctx);
>         Log.d(LOG_TAG, "Constructor!");
>     }
>     @Override
>     public void onReceivedSslError(WebView view, SslErrorHandler handler,
>             SslError error) {
>         handler.proceed();
>     }
> }
> In the main class, we use our custom class as a web view client
> CordovaWebViewClient webViewClient = new CustomWebViewClient(this);
> webViewClient.setWebView(this.appView);
> this.appView.setWebViewClient(webViewClient);
> And similar type of code needs to be written for iOS.
> InAppBrowser should pick up the SSL settings from the main web view and once
> we overwrite the onReceivedSslError() function, then it should allow such
> URLs in the InAppBrowser too.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CB-3576) Privately signed https links don't work in InAppBrowser
[ https://issues.apache.org/jira/browse/CB-3576?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13693222#comment-13693222 ]

Andrew Grieve commented on CB-3576:
---

Hi Montyleena,

I think your use case is definitely a valid one. I'm not sure having an ignoresslerror=yes option is the best answer to the problem though. What if the webview is navigated away from its original destination?

You'd probably want to provide a whitelist of URLs to allow instead. *OR* have a JS callback to ask if it's allowed. E.g.

    var iab = window.open(...);
    iab.onSSLError = function(url) {
        // Slashes and the dot are escaped so the pattern is a valid regex
        // literal and matches only URLs under this exact host.
        return !!/^https:\/\/myalloweddomain\.com\//.exec(url);
    };
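The per-URL decision proposed in the two comments above (a whitelist, or a JS callback asked on each SSL error), as an added example that is not Cordova code or code from this thread. `onSSLError` is the hypothetical callback from the comment; `buildAllowlist`, `isSslErrorAllowed` and the sample entries and URLs are constructed for illustration. The check compares the parsed origin exactly, so look-alike hosts, user@host URLs and plain http are refused on every navigation.

```javascript
// Added example: allowlist check for a per-URL SSL-error decision.
// buildAllowlist / isSslErrorAllowed are hypothetical names, not Cordova APIs.

// Turn configured entries into a set of canonical origins.
// Entries must be bare https origins: no path, query, fragment or wildcard.
function buildAllowlist(entries) {
  const origins = new Set();
  for (const entry of entries) {
    if (entry.includes('*')) {
      throw new Error('wildcards are not accepted: ' + entry);
    }
    const u = new URL(entry); // throws on malformed entries
    if (u.protocol !== 'https:' || u.username || u.password ||
        u.pathname !== '/' || u.search || u.hash) {
      throw new Error('entry must be a bare https origin: ' + entry);
    }
    origins.add(u.origin); // scheme + lowercased host + non-default port
  }
  return origins;
}

// Return true only if rawUrl's origin is exactly one of the allowed origins.
function isSslErrorAllowed(rawUrl, origins) {
  let u;
  try {
    u = new URL(rawUrl);
  } catch (e) {
    return false; // unparseable input is refused
  }
  if (u.protocol !== 'https:') return false;
  if (u.username || u.password) return false; // https://allowed@other-host/
  return origins.has(u.origin);
}

// Constructed sample configuration; the first host is the one named in the comment.
const ALLOWED = buildAllowlist([
  'https://myalloweddomain.com',
  'https://intranet.example.test:8443',
]);

// Constructed sample URLs, evaluated one navigation at a time.
const SAMPLES = [
  'https://myalloweddomain.com/login',
  'https://myalloweddomain.com.other.example/login',
  'https://myalloweddomain.com@other.example/login',
  'https://myalloweddomainxcom/login',
  'http://myalloweddomain.com/login',
];

function evaluateSamples() {
  return SAMPLES.map((url) => [url, isSslErrorAllowed(url, ALLOWED)]);
}

for (const [url, ok] of evaluateSamples()) {
  console.log((ok ? 'proceed ' : 'cancel  ') + url);
}
```

With the callback shape proposed in the comment, the handler body would be `return isSslErrorAllowed(url, ALLOWED);`.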
[jira] [Commented] (CB-3576) Privately signed https links don't work in InAppBrowser
[ https://issues.apache.org/jira/browse/CB-3576?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13683069#comment-13683069 ]

Montyleena commented on CB-3576:

I have added a pull request. Here are the links:

iOS: https://github.com/apache/cordova-ios/pull/59
Android: https://github.com/apache/cordova-android/pull/63

Let's hope this gets included in the next release.
[jira] [Commented] (CB-3576) Privately signed https links don't work in InAppBrowser
[ https://issues.apache.org/jira/browse/CB-3576?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13681914#comment-13681914 ]

Montyleena commented on CB-3576:

I have fixed this issue for Android and iOS. I will try to generate a contribute request so this can get included in the next release.
[jira] [Commented] (CB-3576) Privately signed https links don't work in InAppBrowser
[ https://issues.apache.org/jira/browse/CB-3576?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13679411#comment-13679411 ]

Mike Kwan commented on CB-3576:
---

I am hitting a similar problem on the iOS implementation although I cannot confirm the root cause is the same. The issue I am seeing is that the InAppBrowser displays a PDF over HTTP fine but when the same PDF comes over HTTPS it displays the PDF as bytes rather than as a PDF. Will investigate further.
[jira] [Commented] (CB-3576) Privately signed https links don't work in InAppBrowser
[ https://issues.apache.org/jira/browse/CB-3576?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13676949#comment-13676949 ]

Montyleena commented on CB-3576:

Hi,

I have attached the updated InAppBrowser.java file that fixes this issue and allows one to ignore SSL certificate errors and open a self-signed certificate based https URL in InAppBrowser (I generated a new cordova-2.7.0.jar with these changes and tested the fix on Android).

To ignore SSL certificate errors, the user just needs to pass "ignoresslerror=yes" in window.open() function's 3rd argument.

Sample usage:

    window.open(url, '_blank', 'location=yes,ignoresslerror=yes');

Similar code needs to be written for other platforms like iOS, Windows 8 etc.

Can anybody please let me know if this fix or a similar fix can be added in future versions of PhoneGap?
[jira] [Commented] (CB-3576) Privately signed https links don't work in InAppBrowser
[ https://issues.apache.org/jira/browse/CB-3576?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13676786#comment-13676786 ]

Montyleena commented on CB-3576:

Another important finding:

I downloaded PhoneGap 2.7.0's source code and found that InAppBrowser.java doesn't override onReceivedSslError() like CordovaWebViewClient.java does. I added an implementation of onReceivedSslError() in InAppBrowser.java and did handler.proceed() inside that and generated cordova-2.7.0.jar and ran my application. As expected, I was able to open the https URL in InAppBrowser after this.

So, it looks like: InAppBrowser.java is missing the re-implementation of onReceivedSslError() and even after this, we need some way to override this from the external code because we don't have access to the InAppBrowser object from the PhoneGap app. So, some form of flag or API needs to be provided through which we can set the https URL preference similar to what we can do with the main Cordova web view by overwriting onReceivedSslError().
[jira] [Commented] (CB-3576) Privately signed https links don't work in InAppBrowser
[ https://issues.apache.org/jira/browse/CB-3576?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13675635#comment-13675635 ]

Montyleena commented on CB-3576:

Another thing which points to this being a bug:

If we set android:debuggable="true" in AndroidManifest.xml, the self-signed https URL starts working in the main web view but doesn't work in the InAppBrowser. If we set android:debuggable="false", the URLs get blocked but the solution I posted above works for the main web view only.