[
https://issues.apache.org/jira/browse/CB-3576?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13745803#comment-13745803
]
Montyleena commented on CB-3576:
--------------------------------
Wow, this is really a sad sad decision. Please check these enterprise apps:
https://itunes.apple.com/us/app/cinemate/id674386455?mt=8
https://play.google.com/store/apps/details?id=com.barco.cinemate
These apps do require privately signed URL access and i had to hack my way to
make it work in InAppBrowser. Lot of people have commented in this thread
itself that they do need this functionality. As i mentioned earlier, it's
possible to make it work in the main Cordova WebView by overwriting
onReceivedSslError(), then why there is no such option in the InAppBrowser? In
that case, you should remove this option from the main Cordova WebView too.
>> Joe Bowser wrote:
>> After reading the mailing list, it looks like this will NOT be added to
>> InAppBrowser, since there is very little reason to add it for a corp >> VPN
>> setup. (If your network is so secure, why do you need broken SSL?)
Corporate networks or VPNs are secure that's why we usually can't verify the
https identity through an external certification authority. You can't expect
them to change https to http for all internal sites just because InAppBrowser
doesn't handle it or give an option to the user if he wants to continue with
the link or block it.
If you compare InAppBrowser to a normal browser, a normal browser gives an
option to the user in case of a unverifiable https link, so i suppose this
should be the case for Cordova WebView as well as InAppBrowser, after all you
are treating InAppBrowser as a normal browser window.
> Add support for self-signed SSL certficates in InAppBrowser
> -----------------------------------------------------------
>
> Key: CB-3576
> URL: https://issues.apache.org/jira/browse/CB-3576
> Project: Apache Cordova
> Issue Type: Improvement
> Components: Android, iOS, Plugin InAppBrowser
> Affects Versions: 2.7.0, 2.8.0
> Environment: Android and iOS
> Reporter: Montyleena
> Assignee: Joe Bowser
> Labels: android, https, inappbrowser,, ios, ssl
> Attachments: InAppBrowser.java
>
>
> Local https links are blocked by default in InAppBrowser (links using a local
> SSL certificate which can't be verified by a 3rd party). Ideally, user should
> be given an option to proceed or cancel the request like the default
> desktop/mobile browsers do.
> Right now, we have to overwrite the following API in Android to access such
> URLs but onReceivedSslError() function gets called only for the main PhoneGap
> window browser and not for InAppBrowser.
> Create a new class:
> public class CustomWebViewClient extends CordovaWebViewClient {
>
> public static final String LOG_TAG = "Plugin";
>
> public CustomWebViewClient(DroidGap ctx) {
> super(ctx);
> Log.d(LOG_TAG, "Constructor!");
> }
> @Override
> public void onReceivedSslError(WebView view, SslErrorHandler handler,
> SslError error) {
> handler.proceed();
> }
> }
> In the main class, we use our custom class as a web view client
> CordovaWebViewClient webViewClient = new CustomWebViewClient(this);
> webViewClient.setWebView(this.appView);
> this.appView.setWebViewClient(webViewClient);
> And similar type of code needs to be written for iOS.
> InAppBrowser should pick up the SSL settings from the main web view and once
> we overwrite the onReceivedSslError() function, then it should allow such
> URLs in the InAppBrowser too.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
