[jira] [Updated] (CB-3576) Privately signed https links don't work in InAppBrowser

Thu, 06 Jun 2013 05:16:44 -0700 

     [ 
https://issues.apache.org/jira/browse/CB-3576?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Montyleena updated CB-3576:
---------------------------

    Attachment: InAppBrowser.java

This is the updated InAppBrowser.java file which allows one to ignore SSL 
certificate errors and open a self-signed certificate based https URL. To 
ignore SSL error, the user just needs to pass "ignoresslerror=yes" in 
window.open() function's 3rd argument. Sample usage:

window.open(url, '_blank', 'location=yes,ignoresslerror=yes');
                
> Privately signed https links don't work in InAppBrowser
> -------------------------------------------------------
>
>                 Key: CB-3576
>                 URL: https://issues.apache.org/jira/browse/CB-3576
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Plugin InAppBrowser
>    Affects Versions: 2.7.0
>         Environment: Android and iOS
>            Reporter: Montyleena
>            Assignee: Steve Gill
>              Labels: android, https, inappbrowser,, ios, ssl
>         Attachments: InAppBrowser.java
>
>
> Local https links are blocked by default in InAppBrowser (links using a local 
> SSL certificate which can't be verified by a 3rd party). Ideally, user should 
> be given an option to proceed or cancel the request like the default 
> desktop/mobile browsers do. 
> Right now, we have to overwrite the following API in Android to access such 
> URLs but onReceivedSslError() function gets called only for the main PhoneGap 
> window browser and not for InAppBrowser.
> Create a new class:
> public class CustomWebViewClient extends CordovaWebViewClient {
>       
>       public static final String LOG_TAG = "Plugin";
>       
>       public CustomWebViewClient(DroidGap ctx) {
>         super(ctx);
>         Log.d(LOG_TAG, "Constructor!");
>     }
>     @Override
>     public void onReceivedSslError(WebView view, SslErrorHandler handler, 
> SslError error) {
>       handler.proceed();
>     }
> }
> In the main class, we use our custom class as a web view client
>  CordovaWebViewClient webViewClient = new CustomWebViewClient(this);
>         webViewClient.setWebView(this.appView);
>         this.appView.setWebViewClient(webViewClient);
> And similar type of code needs to be written for iOS.
> InAppBrowser should pick up the SSL settings from the main web view and once 
> we overwrite the onReceivedSslError() function, then it should allow such 
> URLs in the InAppBrowser too.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to