Feature
Expose the onReceivedSslError method of the web view on Android so that developers can handle what happens when an SSL certificate is rejected.
Why
The default behavior is to reject any SSL certificate that doesn't validate. By exposing this, the developer could ask the user if they want to proceed.
Sample Code
The following could utilize this feature. I bet there's a better way to expose the SSLError constants.
var window = Ti.UI.createWindow({
backgroundColor:'#fff'
});
var webView = Ti.UI.createScrollView({
width: 320, height: 480,
contentWidth: 2000
});
webView.addEventListener('onReceivedSslError', function(evt) {
// What error happened? Check the constants. These are taken from the following URL:
// http://developer.android.com/reference/android/net/http/SslError.html
switch (evt.error) {
case evt.SSL_EXPIRED:
break;
case evt.SSL_IDMISMATCH:
break;
case evt.SSL_MAX_ERROR:
break;
case evt.SSL_NOTYETVALID:
break;
case evt.SSL_UNTRUSTED:
break;
}
// Should we proceed?
evt.handler.proceed();
});
window.add(webView);
window.open();
Relevant Documentation
http://developer.android.com/reference/android/webkit/WebViewClient.html#onReceivedSslError(android.webkit.WebView, android.webkit.SslErrorHandler, android.net.http.SslError)
Associated Helpdesk Ticket
http://appc.me/c/APP-235542
Stephen and Marshall need to add this to their parity meeting.
We can do this on Android, but iOS doesn't currently allow programmatic interaction with WebView (though it should be possible w/ XHR).
There are many requests in the community Q&A for this feature or similarly expose a validatesSecureCertificate property as the HTTPClient object. This is a very common scenario where you have a self signed certificate during development, or the certificate is not from a part on Android's list of trusted CAs. Is there a planned fix for this?
This is a very common request on as to how to handle SSL error from Titanium. We are able to do it in Android native. The link is also provided in the JIRA. Is there any update from Appcelerator as to when can the developers expect a solution or is there any workaround for this currently.
Added new event sslerror https://github.com/appcelerator/titanium_mobile/pull/5224
Test case
var window = Ti.UI.createWindow({ backgroundColor:'#fff' }); var webView = Ti.UI.createWebView({ backgroundColor:'white', url:'https://certs.cac.washington.edu/CAtest/' }); webView.addEventListener('sslerror', function(evt) { Ti.API.info("sslerror"); //Comment below line to fail webView.ignoreSslError = true; }); window.add(webView); window.open();We are concerned this might have parity issues with iOS, and how it interacts with the property to ignoreSSLError. We need to investigate further before accepting this PR.
Verified the issue with environment: Appc-Studio:3.3.0.201404211130 sdk:3.3.0.v20140423155715 acs:1.0.14 alloy:1.4.0-dev npm:1.3.2 titanium:3.3.0-dev titanium-code-processor:1.1.1-beta1 xCODE:5.1.1 Device:Iphone5(7.1),Nexus7(v4.4.2) Used the code given by Sunila On Android the "sslerror" event for webView is working fine. But it is not working fine on iOS. Have logged separate issue for it TIMOB-16880 Hence marking this issue as verified and closed.