Debug apk works fine, which rules out the usual suspects, but when I build, sign, install the release version, no https $http API calls can be made by angular (http to the same endpoint, which I permitted for debugging, works).
cordova whitelist is installed
ionic plugin add cordova-plugin-whitelist
manifest.xml contains the correct directives
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
Ionic config.xml contains the correct directives
<access origin="*"/>
<allow-navigation href="*" />
My index.html declares a permissive Content-Security-Policy:
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
I also checked my intermediate certificate chain using two different online SSL checkers--they are fine.
I'm totally stumped. Any ideas?
Re-apply SSL certs taking special care to include intermediary certs.
Despite https://cryptoreport.websecurity.symantec.com/checker/ and three other SSL checkers saying my SSL certs were fine, just to be safe I reset and configured my AWS Elastic Load Balancer SSL settings ensuring we I had included the (says optional, but not optional) intermediate cert, and the problem went away after that.
Modify this function in SystemWebViewClient.java found in
platforms\android\CordovaLib\src\org\apache\cordova
public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
final String packageName = this.cordova.getActivity().getPackageName();
final PackageManager pm = this.cordova.getActivity().getPackageManager();
ApplicationInfo appInfo;
try {
appInfo = pm.getApplicationInfo(packageName, PackageManager.GET_META_DATA);
if ((appInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0) {
// debug = true
handler.proceed();
return;
} else {
// debug = false
// THIS IS WHAT YOU NEED TO CHANGE:
// 1. COMMENT THIS LINE
// super.onReceivedSslError(view, handler, error);
// 2. ADD THESE TWO LINES
// ---->
handler.proceed();
return;
// <----
}
} catch (NameNotFoundException e) {
// When it doubt, lock it out!
super.onReceivedSslError(view, handler, error);
}
}
This will ignore if there is any SSL error occured on third party signed self generated certificates.
read in detail here
Related
I have wrapped a Vue app into a Cordova container and deployed on Android via Android Studio. Each request that goes out to my server is failing with the message Error: Network Error.
This is not an issue in browser or iOs.
I have researched this issue and tried various solutions:
I have installed the cordova-plugin-whitelist plugin and configured as described in the documentation
I have set permissions in the AndroidManifest.xml file:
<edit-file mode="merge" parent="/manifest/uses-permission" target="AndroidManifest.xml">
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
</edit-file>
I have setup a "Content-Security-Policy" tag in meta:
<meta data-n-head="1" http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';">
I have changed my server address from localhost:3000 to my server's IP address as instructed in this answer: Network error with axios and android emulator - I also tried to run it via a local-tunnel to have a "real" API URL - same issue
As instructed in the thread above, I have also added headers:
"Content-Type": "application/x-www-form-urlencoded",
Accept: "application/json"
Still Error: Network Error.
I am almost sure this has to do with permissions but there is nothing more I could configure to make it work.
I am testing this on Android 10.0+ device using Cordova 10.
Axios on 0.20.0.
I found a solution for my problem. It looks like Android is not allowing requests to http by default, as stated in this thread: Internet permission not working in oreo and pie
Changing the localtunnel to https solved the issue for me.
We are building an app which requires an API request.
On front end we are using Ionic with Angular. When we tried to send a request to backend we get this error.
It works when we are trying on desktop in browser.
{
"headers":{
"normalizedNames":{
},
"lazyUpdate":null,
"headers":{
}
},
"status":0,
"statusText":"Unknown Error",
"url":"http://server_ip:3000/path/useCode/1234",
"ok":false,
"name":"HttpErrorResponse",
"message":"Http failure response for http://server_ip:3000/path/useCode/1234: 0 Unknown Error",
"error":{
"isTrusted":true
}
}
This is how we send a request.
import { HttpClient, HttpHeaders } from '#angular/common/http';
public sendCodeGET() {
this.httpClient.get(`http://server_ip:3000/path/useCode/${this.code.trim()}`).subscribe(
res => {
this.response = JSON.stringify(res);
},
err => {
this.response = JSON.stringify(err);
this.presentToast(err.error['message']);
}
);
}
We are using NodeJS v10.15.3 where we set CORS header presented below.
app.use((req, res, next) => {
res.setHeader("Access-Control-Allow-Origin", "*");
res.setHeader("Access-Control-Allow-Headers","Origin, X-Requested-With, Content-Type, Accept, Authorization");
res.setHeader("Access-Control-Allow-Methods","GET, POST, OPTIONS, DELETE");
res.setHeader("Access-Control-Expose-Headers","Content-Length,Content-Range");
if (req.method === 'OPTIONS') {
res.setHeader('Access-Control-Allow-Methods', 'PUT, POST, PATCH, DELETE, GET');
return res.status(200).json({});
}
next();
});
config.cml
<access origin="*" />
<allow-navigation href="*" />
<allow-intent href="*" />
index.html
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
We have also tried:
- other API (https://coinmarketcap.com/api)
- POST and GET requests
I faced the same issue, but i sorted it as below. Follow these steps
Open [yourProject]/android/app/src/main/AndroidManifest.xml
2.Add this line there android:usesCleartextTraffic="true"
3.Add this line to config.xml file
<edit-config file="app/src/main/AndroidManifest.xml" mode="merge" target="/manifest/application" xmlns:android="http://schemas.android.com/apk/res/android">
<application android:usesCleartextTraffic="true" />
</edit-config>
Some things I would suggest trying;
Download a CORS plugin that can allow you to bypass blocked headers
If you're using ionic I am assuming that this if for a hybrid app. Make use of ionic HTTP. You could get better results.
Check out Ionic's official docs for some help https://ionicframework.com/docs/troubleshooting/cors
I have an Ionic app that has been in the app store for over a year. Now suddenly multiple people are reporting that the app doesn't work. They can't get past the loading screen, which is expected if the phone doesn't have an internet connection.
I have set all the necessary settings in the index.html and config.xml files:
index.html
<meta http-equiv="Content-Security-Policy" content="default-src * data: gap: content: https://ssl.gstatic.com ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:35729; media-src * content: cdvphotolibrary:; img-src * content: data: blob: cdvphotolibrary:">
config.xml
<access origin="*" />
<allow-navigation href="*" />
<allow-intent href="*" />
<plugin name="cordova-plugin-whitelist" spec="^1.3.3" />
I have not changed anything on those settings recently.
The app uses https://sentry.io for error logging, but I also cannot see any errors being sent to sentry, which means that either there are no errors, or the app does not have internet access.
The problem only exists on Android, we have not gotten a single report from iOS users. The Android phones tend to be a little bit older (Android 5 and Android 6), and we had one user report that the error was resolved after upgrading to the latest version.
The only option now is to push out a new release with improved error handling to be able to pinpoint the problem, but it's hard because I can't reproduce it on my test devices and I also can't seem to get any feedback from the devices.
Any help would be greatly appreciated.
So the error was not directly related to a connection issue, but rather to the fact that the app couldn't store the credentials to indexedDB, which lead to all the requests failing because they were unauthenticated.
The issue is described here and should be resolved in a couple of days when chrome releases a new version: Chrome on Android: Granted Quota for IndexedDB suddenly almost 0
The sentry HTTP request failed, probably because of a similar issue. This could be resolved by setting allowSecretKey to true.
We have a cordova app that is working fine on ios, and the debug build for Android works fine. The problem is when we build a release version. The app will start up, but none of the ajax calls work.
We've tried a lot of things. We have updated cordova, we have changed the config.xml to have:
<allow-navigation href="*"/>
The only thing that has worked so far is changing the release apk's AndroidManifest.xml to debuggable. We did this so we could debug the problem, but it actually made it so that the ajax calls were being made. I tried uploading that APK, but Google play won't accept an apk that is debuggable.
sigh.....
One other thing that could be helpful information is we recently had to change the Domain of our server. We edited all the files to point to the appropriate server. So they are pointing to the correct host, but I figured it could possibly be a problem with certificates or CORS even.
We could really use some help if anybody has any ideas.
Me and my co worker had a very similar issue to this, we tried everything that was said in these answers and nothing worked. We finally found our issue was an ssl certificate issue with cordova. It is an awful issue because it never exactly tells you its an issue.
here is a link of the article that helped us the most:
http://ivancevich.me/articles/ignoring-invalid-ssl-certificates-on-cordova-android-ios/
really hope this helps!
The most common issue with this type of error is that the app is missing the whitelist plugin. It is necessary for Android apps, but not for iOS apps.
cordova plugin add cordova-plugin-whitelist
Then in your config.xml you can add the following to allow everything:
<allow-intent href="http://*/*" />
<allow-intent href="https://*/*" />
<allow-intent href="tel:*" />
<allow-intent href="sms:*" />
<allow-intent href="mailto:*" />
<allow-intent href="geo:*" />
<allow-intent href="itms:*" />
<allow-intent href="itms-apps:*" />
<access origin="*" />
The linked solution still works for Cordova 9. As I can't comment on answers yet, I write the relevant parts here as Nico wished in case the link doesn't work anymore at some point:
Cordova on Android platforms allows invalid certificates, but only in build mode, and not in release mode, because the WebView doesn't allow "insecure" requests. You have to change 3 lines in the original platform code from Cordova in the following function:
public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
final String packageName = this.cordova.getActivity().getPackageName();
final PackageManager pm = this.cordova.getActivity().getPackageManager();
ApplicationInfo appInfo;
try {
appInfo = pm.getApplicationInfo(packageName, PackageManager.GET_META_DATA);
if ((appInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0) {
// debug = true
handler.proceed();
return;
} else {
// debug = false
// THIS IS WHAT YOU NEED TO CHANGE:
// 1. COMMENT THIS LINE
// super.onReceivedSslError(view, handler, error);
// 2. ADD THESE TWO LINES
// ---->
handler.proceed();
return;
// <----
}
} catch (NameNotFoundException e) {
// When it doubt, lock it out!
super.onReceivedSslError(view, handler, error);
}
}
The file containing the function is SystemWebViewClient.java for Cordova Version 5 and above. In previous versions it's CordovaWebViewClient.java.
Paths:
V5+: project/platforms/android/CordovaLib/src/org/apache/cordova/engine/SystemWebViewClient.java
V4-: project/platforms/android/CordovaLib/src/org/apache/cordova/CordovaWebViewClient.java
Source: Content from link mentionend above by Nico Haase and written by JC Ivancevich
Using phonegap version 6.5.2 I'm trying to whitelist domains for an Android application's data and media requests.
In config.xml I have:
<access origin="*" />
as well as a few specific domains:
<access origin="http://example.com" />
<access origin="http://fonts.googleapis.com" />
I've also tried putting this in my root index.html, which should allow all domains, right?:
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
But I'm still getting nothing but 404 errors when my app tries to load content.
What gives?
The basic rule to follow in case of 404 errors in cordova android app are as follows:
Check whether cordova whitelist plugin is installed properly
Check whether allow access origin is set properly in config.xml
Check whether content security policy is set properly in your HTML
files
These steps should address almost all the problems related to 404 errors provided the requested URLs are up and running. Hope it helps. Cheers
Not sure where the problem was, but after uninstalling and re-installing the whitelist plugin, and restarting the simulator, everything seems to be working. Thanks #Gandhi for pointing me in that direction.