[
https://issues.apache.org/jira/browse/CB-5758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16182861#comment-16182861
]
ASF GitHub Bot commented on CB-5758:
------------------------------------
Github user infil00p commented on the issue:
https://github.com/apache/cordova-plugin-inappbrowser/pull/243
The SSL code in Cordova proper pre-dates the whitelist, so all it does is
ignore the error and proceed with the SSL without validating the certificate.
I'm pretty sure we actually don't want this behaviour going forward, and if we
allow any self-signed certificate trusting in the future, it will be with a
flag as described in CB-12232.
> Give same behavior to InAppBrowser as CordovaWebView for self-signed certs
> --------------------------------------------------------------------------
>
> Key: CB-5758
> URL: https://issues.apache.org/jira/browse/CB-5758
> Project: Apache Cordova
> Issue Type: New Feature
> Components: cordova-plugin-inappbrowser
> Reporter: Marcel Kinard
> Priority: Minor
>
> See CB-3576 for history. This is a request that came from there.
> At least on the Android platform, the main webview (CordovaWebView) will
> silently accept self-signed certs when debuggable="true" in
> AndroidManifest.xml. (Hopefully other platforms have a similar behavior in
> pre-production.) The goal of this new feature is to get InAppBrowser to have
> the same behavior as the main webview in this respect, which it does not have
> today. Then both the main webview and InAppBrowser will behave consistently
> when they encounter https connections that have a self-signed cert.
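The two behaviours discussed in this thread, as an added example that is not code from Cordova, the InAppBrowser plugin, or the pull request: a `WebViewClient` that proceeds on every certificate error, beside one that proceeds only in a debuggable build and cancels otherwise. The class names are hypothetical; the Android calls (`onReceivedSslError`, `SslErrorHandler.proceed()`/`cancel()`, `ApplicationInfo.FLAG_DEBUGGABLE`) are standard SDK APIs.

```java
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.net.http.SslError;
import android.util.Log;
import android.webkit.SslErrorHandler;
import android.webkit.WebView;
import android.webkit.WebViewClient;

// Hypothetical class names; not taken from Cordova or the InAppBrowser plugin.
public final class SslErrorPolicies {

    // Pattern the comment describes: every certificate error is ignored,
    // so an invalid or self-signed certificate is accepted in any build.
    public static final class AcceptAllClient extends WebViewClient {
        @Override
        public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
            handler.proceed();
        }
    }

    // Behaviour the issue describes for the main webview: proceed only when
    // the app is built with debuggable="true"; otherwise refuse the connection.
    public static final class DebugOnlyClient extends WebViewClient {
        private final boolean debuggable;

        public DebugOnlyClient(Context context) {
            int flags = context.getApplicationInfo().flags;
            this.debuggable = (flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;
        }

        @Override
        public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
            if (debuggable) {
                Log.w("SslErrorPolicies", "Debug build, accepting certificate error "
                        + error.getPrimaryError() + " for " + error.getUrl());
                handler.proceed();
            } else {
                // Release build: fail closed so the page is not loaded.
                handler.cancel();
            }
        }
    }
}
```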