Clever Geek Handbook

SSL bypass error in Cora InAppBrowser plugin

I added the InAppBrowser plugin to the Cordova project to access the site and get the token, but as long as the site opens normally in desktop browsers, the same happens when opened from a mobile browser.

Also, the built-in browser will by default prompt for continuation on SSL error, but Cordova InAppBrowser does not ask for such an option and instead displays an error page. I am opening IAB using the following code:

var iab = window.open('http://www.example.com', '_blank', 'location=yes');

Any idea on how to bypass SSL-erros in InAppBrowser?

+3


source to share


2 answers


I'm going to expand on the answer to a related question ( phonegap inappbrowser https pages are not loading ). This only applies to Android, sorry, still works on iOS.

Add this code:

    public void onReceivedSslError(WebView view,
                SslErrorHandler handler, SslError error) {
        Log.e("Error", "Received SSL error"+ error.toString());
        handler.proceed();
    }


to the InAppBrower.java file from the plugin. Specifically, it should be in the InAppBrowserClient class.

Hope this helps!

+6


source


Paste the correct code from below InAppBrowser.java into your plugin LOCATED IN platforms \ android \ src \ org \ apache \ cordova \ inappbrowser \ InAppBrowser.java

Filtered code below java code:

import android.net.http.SslError;
import android.webkit.SslErrorHandler;

@SuppressLint("SetJavaScriptEnabled")
public class InAppBrowser extends CordovaPlugin {


    private boolean ignoreSSLError = false;


    private HashMap<String, Boolean> parseFeature(String optString) {
        if (optString.equals(NULL)) {
            return null;
        } else {
            HashMap<String, Boolean> map = new HashMap<String, Boolean>();
            StringTokenizer features = new StringTokenizer(optString, ",");
            StringTokenizer option;
            while(features.hasMoreElements()) {
                option = new StringTokenizer(features.nextToken(), "=");
                if (option.hasMoreElements()) {
                    String key = option.nextToken();
                    if(key.equalsIgnoreCase(IGNORE_SSL_ERROR)) {
                        Boolean value = option.nextToken().equals("no") ? Boolean.FALSE : Boolean.TRUE;
                        map.put(key, value);
                    }
                    else {
                        Boolean value = option.nextToken().equals("no") ? Boolean.FALSE : Boolean.TRUE;
                        map.put(key, value);
                    }

                }
            }
            return map;
        }
    }



    public String showWebPage(final String url, HashMap<String, Boolean> features) {
        // Determine if we should hide the location bar.
        showLocationBar = true;
        showZoomControls = true;
        openWindowHidden = false;
        ignoreSSLError = false;
        if (features != null) {
            Boolean show = features.get(LOCATION);
            if (show != null) {
                showLocationBar = show.booleanValue();
            }
            Boolean SSLError = features.get(IGNORE_SSL_ERROR);
            if(SSLError != null){
                ignoreSSLError = SSLError.booleanValue();
            }
            Boolean zoom = features.get(ZOOM);
            if (zoom != null) {
                showZoomControls = zoom.booleanValue();
            }
            Boolean hidden = features.get(HIDDEN);
            if (hidden != null) {
                openWindowHidden = hidden.booleanValue();
            }
            Boolean hardwareBack = features.get(HARDWARE_BACK_BUTTON);
            if (hardwareBack != null) {
                hadwareBackButton = hardwareBack.booleanValue();
            }
            Boolean cache = features.get(CLEAR_ALL_CACHE);
            if (cache != null) {
                clearAllCache = cache.booleanValue();
            } else {
                cache = features.get(CLEAR_SESSION_CACHE);
                if (cache != null) {
                    clearSessionCache = cache.booleanValue();
                }
            }
        }


            @SuppressLint("NewApi")
            public void run() {

                ((InAppBrowserClient) client).setSSLErrorFlag(ignoreSSLError);

            }
        };
        this.cordova.getActivity().runOnUiThread(runnable);
        return "";
    }



    public class InAppBrowserClient extends WebViewClient {
        EditText edittext;
        CordovaWebView webView;
        boolean ignoreSSLError = false;


        @Override
        public void onReceivedSslError(WebView view, SslErrorHandler handler,
                                       SslError error) {
            if(this.ignoreSSLError) {
                handler.proceed();
                return;
            }
            else{
                super.onReceivedSslError(view, handler, error);
            }
        }
        public void setSSLErrorFlag(boolean flag) {
            this.ignoreSSLError = flag;
        }

    }
}

THEN ADD THIS LINE IN JAVASCRIPT 

    var options = {
      location: 'yes',
      //clearcache: 'no',
      toolbar: 'yes',
    //clearsessioncache:'no',
          zoom:'no',
          ignoresslerror:'yes'
    };


    $scope.init = function () {
 $ionicPlatform.ready(function() {
 $cordovaInAppBrowser.open('https://192.168.1.80', '_blank', options)
      .then(function(event) {
      })
      .catch(function(event) {
      });
     });

AFTER DONE THIS COMPILE AND EXECUTE THAT IT 

FULL VERSION CODE


Local https links are blocked by default in InAppBrowser (links using a fake SSL certificate that cannot be verified by a third party). Ideally, the user should be given the option to continue or cancel the request, as the default desktop browsers do.

Right now we have an additional method to access fake ssl in InAppBrowser like location, scaling, hardware

+2


source






More articles:


All Articles