I've got a problem with an enterprise intranet (accessible only on the enterprise network).
This website needs a certificate installed on the tablet to be called. At launch, the website calls more than 10 urls that are also secured.
The certificate is correctly installed on the tablet.
On chrome for Windows, we've got no problem at all.
But when we try to access the website from a chrome for Android, Chrome keeps asking wich certificate to use (same problem described there)
So actually, when you connect to the website, you have more than 10 popup that ask you wich certificate to use. When you restart the device, you have to do it again.
I found the http://www.chromium.org/administrators/policy-list-3#AutoSelectCertificateForUrls but it doesn't seem to work on Android devices
I wanted to make an APK with Chrome Custom Tabs, I wanted to "pre-laod" urls calling and intercept for certificate asking, then I wisked I would be able to give it the right one, but it doesn't seem to be possible...
So I wondering how I could do, I'm new in android coding, so I don't know all the possibilities....
Any ideas ?
Thanks !
The solution was to implement the WebView component, that allows you to intercept the certificate request from the server.
You'll have to implement the WebViewClient class, and to use the onReceivedClientCertRequest :
#Override
public void onReceivedClientCertRequest(WebView view, final ClientCertRequest request) {
Log.d(TAG, "Asking for certificate - url " + request.getHost() + " - " + request.getPort());
request.proceed(mPrivateKey, mCertificates);
}
I wanted to retrieve the certificate from the android keystore, I shared the solution here.
Related
When I try out the example: https://threejs.org/examples/webvr_cubes.html on my Android 7.0 Samsung Galaxy 7 phone using the Chrome browser and the Utopia360 headset, everything works and I can enter VR mode. When I try the exact same thing with exactly the same code, only on my local server, I get "Your browser does not support WebVR. See webvr.info for assistance."
The code is exactly the same and the three.js and WebVR.js files are exactly the same except for where the three.js and WebVR.js files are located in the directory structure (i.e. <script src="js/threejs/three.js" type="text/javascript"></script> instead of <script src="../build/three.js"></script>)
The reason is that the threejs page has an embedded origin token to allow webvr to work without setting the chrome flag enable-webvr, but that only works when the page is served from "threejs.org".
You can see this at the top of the demo pages:
<!-- Origin Trial Token, feature = WebXR Device API (For Chrome M69+), origin = https://threejs.org, expires = 2019-01-07 -->
<meta http-equiv="origin-trial" data-feature="WebXR Device API (For Chrome M69+)" data-expires="2019-01-07" content="ArPzyYNrUDiXsGOh647Ya7MtVUA1nM+WFMnPWu7eoF2nQHOP6mTATIbiv0w+k2kFaPofZG/04ZEQdsACq4IA0wQAAABTeyJvcmlnaW4iOiJodHRwczovL3RocmVlanMub3JnOjQ0MyIsImZlYXR1cmUiOiJXZWJYUkRldmljZU02OSIsImV4cGlyeSI6MTU0Njg4MzAxOH0=">
So you have two choices:
Enable the webvr flag (chrome://flags#enable-webvr) in your phones browser,
Request an origin token that matches the domain of your website here: https://webvr.rocks/chrome_for_android.
Setting the flag worked for me even when page was served via http.
The issue is that you must "serve your WebVR content via HTTPS", according to the Google WebVR status documentation.
Threejs.org is a site that uses HTTPS, but your localhost is almost certainly not delivering the content via a secure connection. That's why you're seeing that misleading warning that "Your browser does not support WebVR", when in fact, it does.
Unfortunately, the available methods to deliver HTTPS via Apache make it sound like the three options to get an SSL certificate for localhosts won't work on Chrome for Android (or are pricey), so using the WebVR polyfill is the best solution for the time being.
It should work even with an untrusted certificate if you proceed. The important thing is that you should have a certificate, of course we are speaking about a development environment 1. However the crucial part: you must use Chrome Canary for Android, see later.
Get Certificate
The easiest way
Use glitch, which is an online full-stack IDE (yep, with node and sqlite, made by the stackoverflow people) which will provide you a trusted subdomain.
Still easy and locally working way.
Creating certificate and corresponding certificate authority (CA)
you should use minica CA tool:
Install minica (You must install and setup a GO and gotools first)
go get github.com/jsha/minica
Run this simple command, you should use you LAN IP instead of localhost, though.
minica --domains localhost
which creates the following files in your working directory
minica-key.pem The private key of your new CA
minica.pem The root certificate of your CA
localhost/cert.pem The certificate of your website
localhost/key.pem The private key to sign of your website certificate.
If you do not know what are these concepts, I recommend this friendly introduction.
Serve your site with your certificate.
You can use the http-server npm package, which is easy to use and can serve certificates
http-server -a 0.0.0.0 -p 8080 -S -C localhost/cert.pem -K localhost/key.pem
then access your site like https://192.168.1.42 or whatever is your LAN IP address.
Install Chrome Canary to your Android
Google play has it.
Setup Chrome Canary flags
Type chrome://flags in your Chrome Canary's URL bar and enable the following flags: #enable-webvr and #enable-gamepad-extensions called WebVR and Gamepad extensions respectively.
Now your are good to go. 2
Notes:
If you plan to deploy your app in production you should acquire a globally trusted certificate from a CA. Let's Encrypt is free and easy automate and backed by the Linux Foundation, and sponsored by many big players.
WebVR on Android Chrome is still unstable and will be changed, so what I wrote will be deprecated soon.
I have been viewing my Google App Engine endpoint APIs in the API explorer (localhost) without issues, now am getting this:
in full it says:
You are exploring an API that is described or served via HTTP instead of HTTPS. This is insecure and may be blocked by your browser. To fix this, set up a TLS proxy for your API. Alternatively, you can tell your browser to allow active content via HTTP at this site (on Chrome, click the shield in the URL bar), but this will not improve security or dismiss this message.
This is one of the API methods I have in my endpoint:
#ApiMethod(
name = "insert",
path = "movie",
httpMethod = ApiMethod.HttpMethod.POST)
public Movie insert(Movie movie) throws UnauthorizedException {
...
}
Since I do not know what's causing this all of a sudden, I do not know what else to show.I've tried updating my browsers (Firefox, Opera, Chrome) with no luck.
The same problem appeared to me today
For now if you are using chrome you can click on the shield icon on the right of the URL bar and click on something saying load scripts anyway and your API should appear.
Image: http://i.gyazo.com/f16a557c4b53c147f31067029d15c093.png
You will likely want to use a browser-based workaround, such as the shield icon on Chrome. This was recently added to address a security vulnerability. Unfortunately, we are unable to do better than this. A colleague suggests that stunnel may be viable for setting up a TLS proxy, if you want to go that route.
I am developing a Sencha-Touch + PhoneGap application for Android and I am facing an issue that the web-view gets reloaded if the app was minimized for a long time.
The same thing happened when we run any memory cleaner apps on the device(Like Android Assistant,Clean Master etc..)
There is a login functionality in my app.So if the memory is cleared, the user needs to re-login to the app and the data inside the app will also be lost.(Please note that the data is very important)
How to prevent reload on android web-view when the app comes to foreground?
Or please suggest an alternative solution for retaining the user data.
Please note that I am using cordova 2.3 and sencha touch 2.3
Thanks in advance.
I think you need a client side data storage solution. Sencha Touch offer two solutions that may help you with this issue.
localstorage - http://docs.sencha.com/touch/2.3.1/#!/api/Ext.data.proxy.LocalStorage
Specify a proxy on your store to use local storage
proxy: {
type: 'localstorage',
id : 'important-data'
}
sql storage - http://docs.sencha.com/touch/2.3.1/#!/api/Ext.data.proxy.Sql
Specify a proxy on your store.
proxy: {
type: "sql"
}
With either of the above solutions your data will be available client side independent of the webview being reloaded.
I created my first Sencha touch 2 app by watching this video (http://youtu.be/5F7Gx0-W-M4) and it has a store page structured like this:
Ext.define('FirstApp.store.Places',{
extend:'Ext.data.Store',
config:{
autoLoad:true,
model:'FirstApp.model.Place',
proxy:{
type:'ajax',
url:'https://maps.googleapis.com/maps/api/place/search/json?location=-33.8670522,151.1957362&radius=500&types=food&name=harbour&sensor=false&key=AIzaSyCFWZSKDslql5GZR0OJlVcgoQJP1UKgZ5U',
reader:{
type:'json',
rootProperty:'results'
}
}
}
})
The after-build (after running "sencha app build native") package work very well on my MAC (all browsers) but the generated app (i am running it on my nexus phone) works but doesn't collect any data from the google maps json.
Any help would be appreciated
The example you are referring is using google map's place search API. You can not use this API when you build the app for mobile phone with proxy set to ajax . Basically, you can not use any resource that is outside your domain. Like if your site is at yourdomain.com and there is someotherdomain.com, then you can't make ajax request to this someotherdomain.com from yourdomain.com unless that domain allows you to. In this case, your mobile app is not having any domain. You are just loading a page inside webview.
The reason is, ajax will not be able to load cross-origin resources. App build works on browsers because I believe you're using chrome with --disable-web-security flag. To work with CORS you need to use JsonP proxy. It's the only way if you're packaging for mobile app. If in a case, you own the server ( not in this context though ) then you can allow CORS by setting appropriate headers like
Access-Control-Allow-Origin: *
or
Access-Control-Allow-Origin: http://yourdomain.com/resource
Try setting proxy to JsonP .
I'm trying to create an Android (2.2) app using Phonegap (version 1.9.0) and jQuery Mobile (1.1.0). Specifically, the app is supposed to send a GET request to an existing WCF REST service and retrieve JSON data (a list of folders) and display each item as an option in a select drop down menu.
Right now, all this works as it should when I use the desktop browser. The WCF REST service sends the correct response, the browser renders the page correctly and puts the options in the select menu as I want it to. However, when I use the following code in Android app using Phonegap:
$.getJSON('http://xxx.xxx.xxx/MobileService.svc/GetFolders?callback=?', null, function (folders) {
$.each( folders, function( i, folder ) {
$("#folders").append("<option value='"+folder.Id+"'>"+folder.Name+"</option>");
});
$("#folders").selectmenu("refresh");
});
...I get the error message when I boot the Android app (debugging on physical device):
Connection to the server was unsuccessful. ("file:///android_asset/www/index.html")
When I comment out the above $.getJSON code, the app loads fine, but the select menu is unpopulated.
I've also noticed that apparently because Phonegap uses the "file://" protocol, it is not affected by the "same-origin policy" that the "http://" protocol is...I had been using JSONP when I was working with the browser, which is why I have the callback. I don't think this should be the reason why it is failing, but I dont know. Any help will be greatly appreciated!
Things I've tried:
Changing the access origin to ".*" in the cordova.xml
Adding 'super.setIntegerProperty("loadUrlTimeoutValue", 60000);' to the activity
You can try to set your cordova.xml to "*" instead of ".*" as seen on the Getting Started Guide
Or even better:
http://xxx.xxx.xxx
It turns out in my particular case that the issue boiled down to the mobile phone being on guest wifi network that didn't have access to the network where the REST service was hosted so the connection was being blocked.
Hope that can help someone