On Mon, Jan 13, 2014 at 2:00 PM, Tommy-Carlos Williams <to...@devgeeks.org> wrote: > Marcel, > > Well, I was hoping it would not come down to custom TrustManagers. I was > hoping to hook into the CordovaWebViewClient’s shouldInterceptRequest(). > > I realise this is in API 11+, but don’t know of another way off the top of my > head (was hoping this thread could help, yay). > > Is the issue related to that “security hole” thread where the whitelist isn’t > checked with ajax/xhr on API < 11 ? >
Yup. There's no such thing as shouldInterceptRequest() in Gingerbread. I think we should just assume that anyone who owns a Gingerbread phone is already owned based on the tons of other known security flaws on that device and just move on. > > > > On 14 Jan 2014, at 8:53 am, Marcel Kinard <cmarc...@gmail.com> wrote: > >> I am curious how this would be implemented on Android. If you construct an >> SSLSocketFactory with your private TrustManager that contains the pinned >> cert, how do you get the Android webview to use that SSLSocketFactory? >> >
