在应用程序浏览器中摆脱 Cordova 中的 SSL 验证
Get rid of SSL verification in Cordova in app browser
我正在构建一个网络和混合移动应用程序。这些应用程序在暂存环境中使用 ssl 自签名证书与第三方服务通信。桌面浏览器允许接受带有 risk 警告的无效证书,但在 iOS 应用程序中我收到此错误
Failed to load resource: The certificate for this server is invalid. You might be connecting to a server that is pretending to be "xxx" which could put your confidential information at risk.
我了解风险,但由于我的第三方提供商无法为登台服务器中的服务提供有效的 ssl 证书,所以我别无选择。
在 iOS 和 android inappbrowser 插件中是否有任何 configs/possibilities 允许无效的 ssl 证书。
非常感谢您的帮助。
您可以为该暂存服务器设置 https 代理。您的应用程序使用有效证书联系 https://proxy_to_staging_server.yourdomain.com 并 proxy_to_staging_server.yourdomain.com 向真实登台服务器发出后端请求并复制 anwser
iOS will always complain about invalid certificates, either in debug or release mode. To avoid this you should place the following code at the end of the AppDelegate.m file.
@implementation NSURLRequest(DataController)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
return YES;
}
@end
For Cordova users this file is placed in
project/platforms/ios/Project/Classes/AppDelegate.m
Android (Cordova specific)
In Android the history is different. It will allow you to make requests to services with invalid certificates, but only if the app is compiled in build mode. On the other hand, when you would build the app in release mode (ie: to send the APK to a co-worker or stuff like that), the Cordova Web View, which is where the HTML + CSS + JS you wrote runs, will not allow you to make “insecure” requests. Once again, to avoid this you should modify a platform file. In this case the file will be CordovaWebViewClient.java
You would need to modify a method in the mentioned filed, like this:
public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
final String packageName = this.cordova.getActivity().getPackageName();
final PackageManager pm = this.cordova.getActivity().getPackageManager();
ApplicationInfo appInfo;
try {
appInfo = pm.getApplicationInfo(packageName, PackageManager.GET_META_DATA);
if ((appInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0) {
// debug = true
handler.proceed();
return;
} else {
// debug = false
// THIS IS WHAT YOU NEED TO CHANGE:
// 1. COMMENT THIS LINE
// super.onReceivedSslError(view, handler, error);
// 2. ADD THESE TWO LINES
// ---->
handler.proceed();
return;
// <----
}
} catch (NameNotFoundException e) {
// When it doubt, lock it out!
super.onReceivedSslError(view, handler, error);
}
}
This file is placed in (Cordova v4 and below)
project/platforms/android/CordovaLib/src/org/apache/cordova/CordovaWebViewClient.java
In newer versions of Cordova (v5 and later) the file is now placed in
project/platforms/android/CordovaLib/src/org/apache/cordova/engine/SystemWebViewClient.java
和
You should not use these solutions for production apps. This is just to test them or share them with co-workers.
参考:Ignoring invalid SSL certificates on Cordova for Android and iOS
在 cordova-android@6.3.0(和更新版本?)中编辑 SystemWebViewClient.java 并编辑 onReceivedSslError 如大写注释所示:
public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
final String packageName = parentEngine.cordova.getActivity().getPackageName();
final PackageManager pm = parentEngine.cordova.getActivity().getPackageManager();
ApplicationInfo appInfo;
try {
appInfo = pm.getApplicationInfo(packageName, PackageManager.GET_META_DATA);
if ((appInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0) {
// debug = true
handler.proceed();
return;
} else {
// debug = false
// ADD THESE LINES TO IGNORE INVALID SSL CERTIFICATE
handler.proceed();
return;
// COMMENT THIS LINE:
//super.onReceivedSslError(view, handler, error);
}
} catch (NameNotFoundException e) {
// When it doubt, lock it out!
super.onReceivedSslError(view, handler, error);
}
}
现在在调试和发布配置中都将忽略 SSL 证书错误。
这取自 this article 中的一个答案。
这是使用 Capacitor 对我有用的方法
注意:我正在更改依赖文件,但我只是将其用于开发目的,因为我们所有的开发服务器都使用不同的域名(我们当时不拥有)来自我们的实时域名。
Android - node_modules/@capacitor/android/capacitor/src/main/java/com/getcapacitor/Bridge.java
Find the existing webView.setWebViewClient(new WebViewClient() {...}); line. Line 207 for me.
// Line #207
webView.setWebViewClient(new WebViewClient() {
// Add this override method
@Override
public void onReceivedSslError(WebView view, SslErrorHandler handler, >SslError error) {
handler.proceed();
return;
}
...
}
iOS - Pods/Development Pods/Capacitor/CAPBridgeViewController.swift
// Line #204
// Add this public class method to the CAPBridgeViewController
public func webView(_ webView: WKWebView, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
let cred = URLCredential(trust: challenge.protectionSpace.serverTrust!)
completionHandler(.useCredential, cred)
}
谢谢@Levi Murray。
对于 Capacitor 2.2.0,您需要调整@Levi Murray 的回答。
Android - node_modules/@capacitor/android/capacitor/src/main/java/com/getcapacitor/BridgeWebViewClient.java
将覆盖方法与其他方法一起添加。
....
@Override
public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
handler.proceed();
return;
}
我正在构建一个网络和混合移动应用程序。这些应用程序在暂存环境中使用 ssl 自签名证书与第三方服务通信。桌面浏览器允许接受带有 risk 警告的无效证书,但在 iOS 应用程序中我收到此错误
Failed to load resource: The certificate for this server is invalid. You might be connecting to a server that is pretending to be "xxx" which could put your confidential information at risk.
我了解风险,但由于我的第三方提供商无法为登台服务器中的服务提供有效的 ssl 证书,所以我别无选择。
在 iOS 和 android inappbrowser 插件中是否有任何 configs/possibilities 允许无效的 ssl 证书。
非常感谢您的帮助。
您可以为该暂存服务器设置 https 代理。您的应用程序使用有效证书联系 https://proxy_to_staging_server.yourdomain.com 并 proxy_to_staging_server.yourdomain.com 向真实登台服务器发出后端请求并复制 anwser
iOS will always complain about invalid certificates, either in debug or release mode. To avoid this you should place the following code at the end of the AppDelegate.m file.
@implementation NSURLRequest(DataController) + (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host { return YES; } @endFor Cordova users this file is placed in
project/platforms/ios/Project/Classes/AppDelegate.mAndroid (Cordova specific)
In Android the history is different. It will allow you to make requests to services with invalid certificates, but only if the app is compiled in build mode. On the other hand, when you would build the app in release mode (ie: to send the APK to a co-worker or stuff like that), the Cordova Web View, which is where the HTML + CSS + JS you wrote runs, will not allow you to make “insecure” requests. Once again, to avoid this you should modify a platform file. In this case the file will be CordovaWebViewClient.java
You would need to modify a method in the mentioned filed, like this:
public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) { final String packageName = this.cordova.getActivity().getPackageName(); final PackageManager pm = this.cordova.getActivity().getPackageManager(); ApplicationInfo appInfo; try { appInfo = pm.getApplicationInfo(packageName, PackageManager.GET_META_DATA); if ((appInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0) { // debug = true handler.proceed(); return; } else { // debug = false // THIS IS WHAT YOU NEED TO CHANGE: // 1. COMMENT THIS LINE // super.onReceivedSslError(view, handler, error); // 2. ADD THESE TWO LINES // ----> handler.proceed(); return; // <---- } } catch (NameNotFoundException e) { // When it doubt, lock it out! super.onReceivedSslError(view, handler, error); } }This file is placed in (Cordova v4 and below)
project/platforms/android/CordovaLib/src/org/apache/cordova/CordovaWebViewClient.javaIn newer versions of Cordova (v5 and later) the file is now placed in
project/platforms/android/CordovaLib/src/org/apache/cordova/engine/SystemWebViewClient.java
和
You should not use these solutions for production apps. This is just to test them or share them with co-workers.
参考:Ignoring invalid SSL certificates on Cordova for Android and iOS
在 cordova-android@6.3.0(和更新版本?)中编辑 SystemWebViewClient.java 并编辑 onReceivedSslError 如大写注释所示:
public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
final String packageName = parentEngine.cordova.getActivity().getPackageName();
final PackageManager pm = parentEngine.cordova.getActivity().getPackageManager();
ApplicationInfo appInfo;
try {
appInfo = pm.getApplicationInfo(packageName, PackageManager.GET_META_DATA);
if ((appInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0) {
// debug = true
handler.proceed();
return;
} else {
// debug = false
// ADD THESE LINES TO IGNORE INVALID SSL CERTIFICATE
handler.proceed();
return;
// COMMENT THIS LINE:
//super.onReceivedSslError(view, handler, error);
}
} catch (NameNotFoundException e) {
// When it doubt, lock it out!
super.onReceivedSslError(view, handler, error);
}
}
现在在调试和发布配置中都将忽略 SSL 证书错误。
这取自 this article 中的一个答案。
这是使用 Capacitor 对我有用的方法
注意:我正在更改依赖文件,但我只是将其用于开发目的,因为我们所有的开发服务器都使用不同的域名(我们当时不拥有)来自我们的实时域名。
Android - node_modules/@capacitor/android/capacitor/src/main/java/com/getcapacitor/Bridge.java
Find the existing
webView.setWebViewClient(new WebViewClient() {...});line. Line 207 for me.// Line #207 webView.setWebViewClient(new WebViewClient() { // Add this override method @Override public void onReceivedSslError(WebView view, SslErrorHandler handler, >SslError error) { handler.proceed(); return; } ... }iOS - Pods/Development Pods/Capacitor/CAPBridgeViewController.swift
// Line #204 // Add this public class method to the CAPBridgeViewController public func webView(_ webView: WKWebView, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) { let cred = URLCredential(trust: challenge.protectionSpace.serverTrust!) completionHandler(.useCredential, cred) }
谢谢@Levi Murray。
对于 Capacitor 2.2.0,您需要调整@Levi Murray 的回答。
Android - node_modules/@capacitor/android/capacitor/src/main/java/com/getcapacitor/BridgeWebViewClient.java
将覆盖方法与其他方法一起添加。
....
@Override
public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
handler.proceed();
return;
}