…is supported by TouK. OpenRaktor is an event gathering every month the whole Warsaw startup scene in one place to collaborate. Why the best Polish IT students don’t do startups… and how to fix that! – this subject will be discussed today evening at 7 p.m. in Reaktor (Bohomolca 15).
You May Also Like
All field constructor in Groovy
- byDominik Przybysz
- August 16, 2015
TupleConstructor annotation in Groovy generate constructors for class with each of its properties (eventually also fields). The class below@TupleConstructor(includeFields = true)class Person { String firstName String lastName&nb...
Phonegap / Cordova and cross domain ssl request problem on android.
- byPaweł Byszewski
- July 29, 2013
In one app I have participated, there was a use case:
You have to remember that secure connection to service with self-signed certificate is risky and unrecommended. But if you know what you are doing there is some workaround of the security problem. Behavior of method
Thus add new class extended CordovaWebViewClient and override ‘onReceivedSslError’. I strongly suggest to implement custom onReceiveSslError as secure as possible. I know that the problem occours when app try connect to example.domain.com and in spite of self signed certificate the domain is trusted, so only for that case the SslError is ignored.
Now the app created in release mode can connect via https to services with self-signed SSl certificates.
- User fill up a form.
- User submit the form.
- System send data via https to server and show a response.
- ant release
- align
- signing
res/xml/cordova.xml
If whitelist looks fine, the error is most likely caused by inner implementation of Android System. The Android WebView does not allow by default self-signed SSL certs. When app is debug-signed the SSL error is ignored, but if app is release-signed connection to untrusted services is blocked. Workaround
CordovaWebViewClient.onReceivedSslError
must be changed.Thus add new class extended CordovaWebViewClient and override ‘onReceivedSslError’. I strongly suggest to implement custom onReceiveSslError as secure as possible. I know that the problem occours when app try connect to example.domain.com and in spite of self signed certificate the domain is trusted, so only for that case the SslError is ignored.
public class MyWebViewClient extends CordovaWebViewClient {
private static final String TAG = MyWebViewClient.class.getName();
private static final String AVAILABLE_SLL_CN
= "example.domain.com";
public MyWebViewClient(DroidGap ctx) {
super(ctx);
}
@Override
public void onReceivedSslError(WebView view,
SslErrorHandler handler,
android.net.http.SslError error) {
String errorSourceCName = error.getCertificate().
getIssuedTo().getCName();
if( AVAILABLE_SLL_CN.equals(errorSourceCName) ) {
Log.i(TAG, "Detect ssl connection error: " +
error.toString() +
„ so the error is ignored”);
handler.proceed();
return;
}
super.onReceivedSslError(view, handler, error);
}
}
Next step is forcing yours app to use custom implementation of WebViewClient. public class Start extends DroidGap
{
private static final String TAG = Start.class.getName();
@Override
public void onCreate(Bundle savedInstanceState)
{
super.onCreate(savedInstanceState);
super.setIntegerProperty("splashscreen", R.drawable.splash);
super.init();
MyWebViewClient myWebViewClient = new MyWebViewClient(this);
myWebViewClient.setWebView(this.appView);
this.appView.setWebViewClient(myWebViewClient);
// yours code
}
}
That is all ypu have to do if minSdk of yours app is greater or equals 8. In older version of Android there is no class android.net.http.SslError
So in class MyCordovaWebViewClient class there are errors because compliator doesn’t see SslError class. Fortunately Android is(was) open source, so it is easy to find source of the class. There is no inpediments to ‘upgrade’ app and just add the file to project. I suggest to keep original packages. Thus after all operations the source tree looks like:Class SslError placed in source tree. |
Easy Hoogle usage from bash
- byDominik Przybysz
- January 31, 2016
What is hoogle? Hoogle is Google for searching of Haskell functions. You could ask it for function name…