I am developing phoneGap application which is integrated with web service for requesting data.
Communication used to happen through HTTP but I want to take it to HTTPS communication.
I integrated SSL for my tomcat server and I can send HTTPS request from RESTClient using browser.
But my phoneGap mobile application is not able to communicate for HTTPS request.
Any extra setting required for it?
I am targeting android and iOS for now.
Any help will be appreciated.
We had to face the same issue last week in our own project.
In Android we didn't have any problem with it, we observed that Android trusted all the certificates (are you having issues with Android?), however in iOS we had some trouble.
The first thing you can do is to install the trusted certificate in your iOS... but it will be problematic for basic users.
The solution we decided to take was to allow access to all SSL for our application, in order to do that you have to add the next code at the end of your AppDelegate.m file:
#implementation NSURLRequest(DataController)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
return YES;
}
#end
Related
I'm working on a project which is a mobile application developed with Ionic. The project is split into two parts: a mobile front-end and a back-end. The back-end is performing all the calls to external services and applying business rules, while the front-end only calls my back-end.
One of the services I'm using is a IAM service using Oauth2 protocol. I've implemented the authorization code flow to integrate this service. Until now, I was always using the command ionic serve to run my front-end in a web browser, and everything is going well.
But now, for testing purposes, I need to run my front-end in an android emulator. In order for my front-end to contact my back-end, I'm using the IP 10.0.2.2 (which is the alias of the loopback of my machine where my back-end is running).
The problem is with the redirect of the authentication service. It is not something that I have control on, and it can take weeks or months for the service provider to update my client configuration. When I want to authenticate myself through the app running on emulator, it opens a InAppBrowser to perform the authentication. When I successfully authenticated myself against the service, the redirect URI is http://127.0.0.1:8080/xxxx, and this response is sent to that InAppBrowser.
My question is:
Is there a way to replace the base URL of that response (without changing the client configuration), so that I can send the call response to my back-end ?
NOTE: I've been trying to find a solution online, but I can't find anything on that topic. I suspect that in that matter, I probably lack some vocabulary in order to find what I'm looking for.
Is there a way to
I created an app via cordova/PhoneGap is loaded and running successfully on PlayStore.
This app performs call in Ajax in https (with certificate).
A short time ago I renewed this certificate for my domain and from that moment the app stopped working.
I read this: https://developer.android.com/training/articles/security-ssl.html#Blacklisting
That Android can block my calls? I ended up in the blacklist? How do I check this?
NOTE: The same app for the iPhone has remained functional. For this reason I think it is the only cause.
The SSL Labs Server Test indicates that the server is sending an incomplete certificate chain for this domain. You can use What's My Chain Cert? to obtain the correct chain that needs to be sent by your server and Android apps should be able to validate trust.
As for why this worked in iOS and not in Android, check out this answer.
I have a web service for my android and Iphone application that connects to online database.
now we want to apply SSL on the web server. will this effect on my web service?
will the android and iphone applications keeps running or will be stopped? because in the applications they are linked to the web service like this
http://www.example.com/service/index.php
and now after applying SSL the website will be like
https://www.example.com
should I change my applications to
https://www.example.com/service/index.php
or its ok if I kept the old link in my applications (android and iphone)?
When we enable SSL in our server we can keep our unsecure http access or redirect it to secure https.
Use secure communication is always a good practice but it will cost you a bit more of effort.
As an Android developer I was able to use https REST webservices thanks to this answer.
For iOS I have no idea but this answer could be a good starting point.
I have a backend server that is accessible on two ports - one with HTTP and another with HTTPS. It uses a self-signed certificate.
From my ionic/cordova hybrid app when I run using HTTP requests they all succeed. During first request I also include a basic authorization. However, the exact same requests fail when using HTTPS. For example
http://10.1.2.3:8000/hello.js <<< works like a charm
https://10.1.2.3:8100/hello.js <<<< this fails (but works in android browser after a warning page)
I wonder how to proceed. Do I need to register the self-signed certificate somewhere in config, or something else?
Thanks a lot.
I wonder if you have found your answer or not, but still want to post answer for others looking for the solution: Cordova doesn't allow https calls to Servers with untrusted ssl certificate installed on them. You can ignore this error and continue by making a small change in a cordova file.
Open “\cordova\platforms\android\CordovaLib\src\org\apache\cordova\ CordovaWebViewClient.java”. In 'onReceivedSslError' method, comment the else part and add handler.proceed() instead.
Currently I am building an app using phonegap for the Android and iOS systems. Essentially, it will be a website but I am running into some difficulties due the cross domain requests I need to make via ajax (same origin policy). Im wondering if its better to make the website on my own servers, where PHP is allowed, and then use a wrapper/frame in phonegap to emulate the site? How would that work?
Help appreciated
You shouldn't be having this problem at all. PhoneGap apps are loaded on the device as local file:// pages, and the cross-domain security policy does not apply to them.
From the PhoneGap FAQ:
Q. I want to create an application for phonegap to access externally deployed web services via AJAX. How can i resolve the issue with the
cross-domain security policy of XmlHttpRequest?
A. The cross-domain security policy does not affect PhoneGap applications. Since the html files are called by webkit with the file:// protocol, the security policy does not apply.
(in Android,you may grant android.permission.INTERNET to your app by edit the AndroidManifest.xml)
If you are having issues with cross-domain requests then consider using something like jsonp as the data interchange format. Where are you requesting the data from?
If I understand correctly, you want to create a PHP proxy for a cross domain service so that you can access it with your mobile app using phonegap? This is a pretty common thing, its done a lot in Flash as well to get past cross domain restrictions.
For one of my demos I need to access Google Images from Flash. To do so I created a VERY simple PHP proxy on my server called imageproxy.php. Here's the complete code:
<?php
readfile($_POST['url']);
?>
Yep, thats its. So in your case, if you were using this PHP proxy on your server, you would send this proxy your target URL as a post variable and the proxy makes the request and returns the response via readfile().