I have a local HTML file (e.g. file:///xxx.html) containing AJAX code to read and process contents of pages on remote hosts (that are not my own). On desktop, I do this by running a local web server that returns remote data (I use Nginx with proxy_pass on specific url patterns). For example, if I want to get data from http://example.com/, I use JQuery's ajax with http://localhost:9000/http://example.com/ as the URL.
How can I do this on (non-rooted) Android? Is there an Android web server that supports proxy_pass on specific url patterns? Or is there an Android app/browser that allows cross-domain AJAX requests from local HTML files? Or any other solutions?
By default from Any Android Browser starting from Android 2.1, it supports CORS (Cross-Origin Resource Sharing) feature. Check: http://caniuse.com/cors
In addition, The REST service also need to configure to allow cors from Server Side as well. For enabling at Server side set an attribute in Response:
Access-Control-Allow-Origin: *
For more refer: http://enable-cors.org/server.html
Related
I'm developing an Android application, it is like a browser, has a web-view and sends http(s) requests. For debugging purpose, I want to be able to see the requests sent and received by the application (in particular the headers), but I'm unable to do so.
What i tried
I mainly debug the app with Chrome on PC, and use the Network Inspector in Chrome. The problem is that my app uses the ShouldInterceptRequest to intercept the requests an then manually sends a request with cronet. Chrome, in this case, shows some "provisional headers" that are from the original request, an not the headers of the actual request i sent manually.
I tried to use Fiddler and HTTP Toolkit, but the server I'm communicating with, doesn't like the certificate they use, so they can monitor correctly, but, if active, i cannot reach the page i need to monitor.
I also tried the Android Studio network inspector, but seems it work only for HttpURLConnection and Okhttp(1)
Thanks for your time.
If you're using a WebView, set a custom WebViewClient and override shouldInterceptRequest. That will pass in a WebResourceRequest object that will include all headers.
I am working on the Android client implementation that connects via websocket to a server. I've just enabled HTTPS on the server instance and now I am receiving this issue:
W/System.err: com.neovisionaries.ws.client.HostnameUnverifiedException: The certificate of the peer (CN=otherdomain.com) does not match the expected hostname (domain.com)
at com.neovisionaries.ws.client.SocketConnector.verifyHostname(SocketConnector.java:171)
at com.neovisionaries.ws.client.SocketConnector.doConnect(SocketConnector.java:126)
at com.neovisionaries.ws.client.SocketConnector.connect(SocketConnector.java:83)
at com.neovisionaries.ws.client.WebSocket.connect(WebSocket.java:2152)
at com.neovisionaries.ws.client.ConnectThread.runMain(ConnectThread.java:32)
at com.neovisionaries.ws.client.WebSocketThread.run(WebSocketThread.java:45)
It seems that the websocket client is finding mismatched server host names.
Some other related info:
otherdomain.com is a different one of our URLs. It is pointed to separate instance of the same web application running on the same server as domain.com which is the app I am currently working on.
My code is logging the URL that it is connecting to and I can see that it is correctly referencing domain.com:
connecting to: wss://domain.com?session_key=TheCorrectSessionKey
As noted otherdomain.com is another instance of the same web application. That instance already previously had HTTPS enabled and everything is working properly with that instance. The same client code I am using now is able to connect successfully to this instance.
The same web application has a front end page that also connects to the websocket via wss://. This is working properly in both Chrome and Firefox browsers for domain.com, as far as I can tell the only client having issues is the Android client, and it's only the domain.com variant of the app having issues, the otherdomain.com one seems to be working fine.
I found this issue opened on the library I am using for websockets. But I'm not 100% sure if my problem is related to it, but it may be. In particular someone states:
Not being able to connect to a WebSocket-enabled server domain unless it is also configured to be the default server on the website.
I assume only one site can be default, and perhaps otherdomain.com got set to default since it was completed first. This is all a bit over my head though to be honest, I'm not sure if this is relavent or not.
I'm currently working on a Cordova app written with AngularJS.
When I run the built APK on the android tablet or the iPad, the requests are sent with the "Origin" header set to "file://". This makes the server to reject the request for CORS reasons.
I've seen that the origin should be set to "null", not "file://" when Cordova sends the requests.
I'm actually using cordova-plugin-whitelist.
The communication between the app and the server is using SOAP protocol, and i'm using an external module in the frontend that sends the requests with XmlHttpRequest.
I don't wan't, for security reasons, to allow "file://" origin on server side. Is there any way to remove the origin from the requests ? I tried to manually set the Origin header of the XmlHttpRequest, but of course, it creates an error "Refused to set unsafe header "Origin"".
How could I make this work without impacting the security ?
Does something like a Cordova plugin that removes the "Origin" header from all the AJAX exists ?
Thanks
I have a ASP.NET website deployed to IIS with a couple of ashx that returns JSONs to be consumed by an Android application.
I have implemented an authentication logic using Basic Authentication.
The problem: When accessed from Android, the server response is a 400 Bad request. The httperr log file says "400 - Hostname -".
It works when I try it out on localhost from Android emulator
It works when accessing the ashx file on the server from a browser
It works when replicating the call in Fiddler
(If I use Fiddler with the Android Emulator, the Response will be -1 (and looking in Fiddler at the raw data sent, it seems to loose the host from the url) - but this is another issue so don't dwell on that, i just thought I would mention it...)
Turns out my problem (and solution) was the same as in this thread:
HTTP POST request with authorization on android
I am creating an aplication that involves an WebView. The thing is that I want to load the full page and not the mobile one, so I have changed the User Agent. Nevertheless there are pages that loads the mobile version.
Here are two versions of code that I have tried:
1.webview.getSettings().setUserAgentString("Mozila ");
2.
String DESKTOP_USERAGENT = webview.getSettings().getUserAgentString ();
DESKTOP_USERAGENT = DESKTOP_USERAGENT.replace("Mobile ","");
webview.getSettings().setUserAgentString(DESKTOP_USERAGENT);
This are exemples of webpages that loads the mobile version in any cases:
http://www.jurnalul.ro
http://www.androidzoom.com
1.Does anyone knows how I can trick the server and tell him I am using a desktop and not a mobile?
2.How does a website knows that I am using a mobile version?
Thank you very much,
Razvan
The problem may be that if you are using a device that your carrier is routing all your HTTP requests through a proxy, and that the proxy is changing the User-Agent. Check on the other end, with your own server, using nc -l 80 -vvv that your request is indeed sending the User-Agent that you have modified.
EDIT: Some specific troubleshooting steps
Forward a port 9090 on your router to your desktop machine or laptop.
Download netcat
Run netcat with the command "nc -l 9090 -vvv"
In your Android application's WebView, make an HTTP request with the User-Agent you are injecting to http://your.ip.address:9090
In the terminal you ran netcat, you will see the HTTP request dump in plain text. There you can check the HTTP header User-Agent to see if it has been changed by a proxy server or not.
You cannot test this stuff with Wireshark or Fiddler because it is happening in the WAN. You need to test it on the receiving end, either on a server, or on your own desktop machine.
webview.getSettings().setUserAgent(1);//for desktop 1 or mobil 0.