You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by "Mobility (JIRA)" <ji...@apache.org> on 2013/09/18 07:18:51 UTC

[jira] [Commented] (CB-3576) Add support for self-signed SSL certficates in InAppBrowser

    [ https://issues.apache.org/jira/browse/CB-3576?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13770448#comment-13770448 ] 

Mobility commented on CB-3576:
------------------------------

Montyleena,

I am trying to buid phonegap application. In that application I am trying to call external URL using InAppBrowser, but that url sends SSL certificate error which InAppBrowser is unable to decipher. That external URL is payment gateway. I cannot open it in system's browser because it will be security concern.

Could you please guide me in this case as I am not sure how to go about this issue?
                
> Add support for self-signed SSL certficates in InAppBrowser
> -----------------------------------------------------------
>
>                 Key: CB-3576
>                 URL: https://issues.apache.org/jira/browse/CB-3576
>             Project: Apache Cordova
>          Issue Type: Improvement
>          Components: Android, iOS, Plugin InAppBrowser
>    Affects Versions: 2.7.0, 2.8.0
>         Environment: Android and iOS
>            Reporter: Montyleena
>            Assignee: Andrew Grieve
>              Labels: android, https, inappbrowser,, ios, ssl
>         Attachments: InAppBrowser.java
>
>
> Local https links are blocked by default in InAppBrowser (links using a local SSL certificate which can't be verified by a 3rd party). Ideally, user should be given an option to proceed or cancel the request like the default desktop/mobile browsers do. 
> Right now, we have to overwrite the following API in Android to access such URLs but onReceivedSslError() function gets called only for the main PhoneGap window browser and not for InAppBrowser.
> Create a new class:
> public class CustomWebViewClient extends CordovaWebViewClient {
> 	
> 	public static final String LOG_TAG = "Plugin";
> 	
> 	public CustomWebViewClient(DroidGap ctx) {
>         super(ctx);
>         Log.d(LOG_TAG, "Constructor!");
>     }
>     @Override
>     public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
>     	handler.proceed();
>     }
> }
> In the main class, we use our custom class as a web view client
>  CordovaWebViewClient webViewClient = new CustomWebViewClient(this);
>         webViewClient.setWebView(this.appView);
>         this.appView.setWebViewClient(webViewClient);
> And similar type of code needs to be written for iOS.
> InAppBrowser should pick up the SSL settings from the main web view and once we overwrite the onReceivedSslError() function, then it should allow such URLs in the InAppBrowser too.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira