{
"id": "146428",
"key": "TIMOB-19618",
"fields": {
"issuetype": {
"id": "2",
"description": "A new feature of the product, which has yet to be developed.",
"name": "New Feature",
"subtask": false
},
"project": {
"id": "10153",
"key": "TIMOB",
"name": "Titanium SDK/CLI",
"projectCategory": {
"id": "10100",
"description": "Titanium and related SDKs used in application development",
"name": "Client"
}
},
"fixVersions": [
{
"id": "20238",
"description": "",
"name": "Release 7.5.0",
"archived": false,
"released": true,
"releaseDate": "2018-11-15"
}
],
"resolution": {
"id": "1",
"description": "A fix for this issue is checked into the tree and tested.",
"name": "Fixed"
},
"resolutiondate": "2018-08-24T01:50:14.000+0000",
"created": "2015-03-31T09:40:02.000+0000",
"priority": {
"name": "Critical",
"id": "1"
},
"labels": [],
"versions": [
{
"id": "16919",
"description": "Critical updates",
"name": "Release 4.1.1",
"archived": true,
"released": true,
"releaseDate": "2015-07-15"
}
],
"issuelinks": [
{
"id": "56686",
"type": {
"id": "10001",
"name": "Cloners",
"inward": "is cloned into",
"outward": "is cloned from"
},
"inwardIssue": {
"id": "171943",
"key": "TIMOB-26219",
"fields": {
"summary": "Windows : Implement Ti.UI.WebView.mixedContentMode ",
"status": {
"description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.",
"name": "Closed",
"id": "6",
"statusCategory": {
"id": 3,
"key": "done",
"colorName": "green",
"name": "Done"
}
},
"priority": {
"name": "Medium",
"id": "3"
},
"issuetype": {
"id": "2",
"description": "A new feature of the product, which has yet to be developed.",
"name": "New Feature",
"subtask": false
}
}
}
}
],
"assignee": {
"name": "gmathews",
"key": "gmathews",
"displayName": "Gary Mathews",
"active": true,
"timeZone": "America/Los_Angeles"
},
"updated": "2018-08-24T01:50:18.000+0000",
"status": {
"description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.",
"name": "Closed",
"id": "6",
"statusCategory": {
"id": 3,
"key": "done",
"colorName": "green",
"name": "Done"
}
},
"components": [
{
"id": "10202",
"name": "Android",
"description": "Android Platform"
}
],
"description": "Android 5 (21) adds WebSettings.setMixedContentMode to control how mixed content is handled (https that contains inlined http).\r\nNeed to add access to this.\r\nhttps://developer.android.com/reference/android/webkit/WebSettings#setMixedContentMode(int)\r\n\r\nDescription: \r\nImages doesn't load in webview if they are hosted on http server!\r\nE.g. if you assign webview url property to https://blogs-dev.vmware.com/vov/authors/\r\nSome images get load properly but some which are hosted on http server or have http://xyz path they are not getting loaded.\r\n\r\nTest code:\r\n{code:xml}\r\n\r\n\r\n \r\n\r\n\r\n{code}\r\n\r\nError Log:\r\n{code}\r\n[INFO] : I/TiWebChromeClient.console: (main) [111,16675] Mixed Content: The page at 'https://blogs.vmware.com/vov/authors/#' was loaded over HTTPS, but requested an insecure image 'http://blogs.vmware.com/vov/files/2018/02/boney-francis.jpg'. This request has been blocked; the content must be served over HTTPS. (0:https://blogs.vmware.com/vov/authors/#)\r\n[INFO] : I/TiWebChromeClient.console: (main) [1,16676] Mixed Content: The page at 'https://blogs.vmware.com/vov/authors/#' was loaded over HTTPS, but requested an insecure image 'http://blogs.vmware.com/vov/files/2018/03/Jerry_Griffin.png'. This request has been blocked; the content must be served over HTTPS. (0:https://blogs.vmware.com/vov/authors/#)\r\n[INFO] : I/TiWebChromeClient.console: (main) [0,16676] Mixed Content: The page at 'https://blogs.vmware.com/vov/authors/#' was loaded over HTTPS, but requested an insecure image 'http://blogs.vmware.com/vov/files/2017/11/Bask-Iyer-170x170.jpg'. This request has been blocked; the content must be served over HTTPS. (0:https://blogs.vmware.com/vov/authors/#)\r\n[INFO] : I/TiWebChromeClient.console: (main) [1,16677] Mixed Content: The page at 'https://blogs.vmware.com/vov/authors/#' was loaded over HTTPS, but requested an insecure image 'http://blogs.vmware.com/vov/files/2018/05/ankur.jpg'. This request has been blocked; the content must be served over HTTPS. (0:https://blogs.vmware.com/vov/authors/#)\r\n[INFO] : I/TiWebChromeClient.console: (main) [1,16678] Mixed Content: The page at 'https://blogs.vmware.com/vov/authors/#' was loaded over HTTPS, but requested an insecure image 'http://blogs.vmware.com/vov/files/2018/03/romy-kaura.png'. This request has been blocked; the content must be served over HTTPS. (0:https://blogs.vmware.com/vov/authors/#)\r\n{code}\r\n\r\nTest Environment: \r\n{code}\r\n\r\nAndroid 8.0, Android 6.0\r\nOperating System\r\n Name = Microsoft Windows 10 Pro\r\n Version = 10.0.16299\r\n Architecture = 32bit\r\n # CPUs = 4\r\n Memory = 17091956736\r\nNode.js\r\n Node.js Version = 8.9.1\r\n npm Version = 5.5.1\r\nTitanium CLI\r\n CLI Version = 5.1.0\r\nTitanium SDK\r\n SDK Version = 7.1.0.GA, 6.3.0.GA\r\n\r\n{code}\r\n\r\nThanks ",
"attachment": [],
"flagged": false,
"summary": "Android : add mixed content control to webview ",
"creator": {
"name": "buddyguards",
"key": "buddyguards",
"displayName": "grebulon",
"active": true,
"timeZone": "Asia/Jerusalem"
},
"subtasks": [],
"reporter": {
"name": "buddyguards",
"key": "buddyguards",
"displayName": "grebulon",
"active": true,
"timeZone": "Asia/Jerusalem"
},
"environment": "Operating System\r\n Name = Microsoft Windows 10 Pro\r\n Version = 10.0.16299\r\n Architecture = 32bit\r\n # CPUs = 4\r\n Memory = 17091956736\r\nNode.js\r\n Node.js Version = 8.9.1\r\n npm Version = 5.5.1\r\nTitanium CLI\r\n CLI Version = 5.1.0\r\nTitanium SDK\r\n SDK Version = 7.1.0.GA, 6.3.0.GA",
"closedSprints": [
{
"id": 1058,
"state": "closed",
"name": "2018 Sprint 16 SDK",
"startDate": "2018-07-29T22:26:06.486Z",
"endDate": "2018-08-12T22:26:00.000Z",
"completeDate": "2018-08-13T17:38:16.757Z",
"originBoardId": 114
},
{
"id": 1053,
"state": "closed",
"name": "2018 Sprint 15 SDK",
"startDate": "2018-07-15T21:52:05.453Z",
"endDate": "2018-07-29T21:52:00.000Z",
"completeDate": "2018-07-29T22:25:11.723Z",
"originBoardId": 114
}
],
"comment": {
"comments": [
{
"id": "429808",
"author": {
"name": "max87",
"key": "max87",
"displayName": "Marian Kucharcik",
"active": true,
"timeZone": "Europe/Prague"
},
"body": "Hi guys,\r\nI get this error:\r\nMixed Content: The page at 'https:// was loaded over HTTPS, but requested an insecure image. This request has been blocked; the content must be served over HTTPS.\r\n\r\nWebview cannot load website properly.\r\nCan you please look at it?\r\nThanks",
"updateAuthor": {
"name": "max87",
"key": "max87",
"displayName": "Marian Kucharcik",
"active": true,
"timeZone": "Europe/Prague"
},
"created": "2017-10-30T08:10:02.000+0000",
"updated": "2017-10-30T08:10:02.000+0000"
},
{
"id": "437940",
"author": {
"name": "shumne",
"key": "shumne",
"displayName": "shumne",
"active": true,
"timeZone": "America/Los_Angeles"
},
"body": "Hi Guys,\r\nAny updates on this one!",
"updateAuthor": {
"name": "shumne",
"key": "shumne",
"displayName": "shumne",
"active": true,
"timeZone": "America/Los_Angeles"
},
"created": "2018-05-25T06:41:39.000+0000",
"updated": "2018-05-25T06:41:39.000+0000"
},
{
"id": "438405",
"author": {
"name": "shumne",
"key": "shumne",
"displayName": "shumne",
"active": true,
"timeZone": "America/Los_Angeles"
},
"body": "Hi Guys,\r\nThis has been open and critical for a long time. Are we going to do anything about this?",
"updateAuthor": {
"name": "shumne",
"key": "shumne",
"displayName": "shumne",
"active": true,
"timeZone": "America/Los_Angeles"
},
"created": "2018-06-14T06:19:20.000+0000",
"updated": "2018-06-14T06:19:20.000+0000"
},
{
"id": "439319",
"author": {
"name": "jquick",
"key": "jquick",
"displayName": "Joshua Quick",
"active": true,
"timeZone": "America/Los_Angeles"
},
"body": "Everyone,\r\n\r\nIf a web page is loaded via \"https\", then it's considered a security issue if you load content via \"http\" within that \"https\" loaded page. Particularly for http iframes. Desktop web browsers do not normally allow this unless you go out of your way to enable it.\r\n\r\nNow, I don't mind us providing a property to allow mixed https/http content on Android. It should be disabled by default because it is security issue. However, it does not appear that the native iOS {{WKWebViews}} supports mixed content (native {{UIWebViews}} are now deprecated). So, this would be a portability issue... where the only solution would be to move the http content to https.",
"updateAuthor": {
"name": "jquick",
"key": "jquick",
"displayName": "Joshua Quick",
"active": true,
"timeZone": "America/Los_Angeles"
},
"created": "2018-07-18T20:39:16.000+0000",
"updated": "2018-07-18T20:39:16.000+0000"
},
{
"id": "439321",
"author": {
"name": "gmathews",
"key": "gmathews",
"displayName": "Gary Mathews",
"active": true,
"timeZone": "America/Los_Angeles"
},
"body": "On iOS you can enable HTTP access for specific domains by adding this to your tiapp.xml:\r\n{code:xml}\r\nNSAppTransportSecurity\r\n\r\n\tNSAllowsArbitraryLoads\r\n\t\r\n\tNSExceptionDomains\r\n\t\r\n\t\tvmware.com\r\n\t\t\r\n\t\t\tNSExceptionAllowsInsecureHTTPLoads\r\n\t\t\t\r\n\t\t\tNSIncludesSubdomains\r\n\t\t\t\r\n\t\t\r\n\t\r\n\r\n{code}",
"updateAuthor": {
"name": "gmathews",
"key": "gmathews",
"displayName": "Gary Mathews",
"active": true,
"timeZone": "America/Los_Angeles"
},
"created": "2018-07-18T21:56:21.000+0000",
"updated": "2018-07-18T23:34:41.000+0000"
},
{
"id": "439323",
"author": {
"name": "gmathews",
"key": "gmathews",
"displayName": "Gary Mathews",
"active": true,
"timeZone": "America/Los_Angeles"
},
"body": "master: https://github.com/appcelerator/titanium_mobile/pull/10186",
"updateAuthor": {
"name": "gmathews",
"key": "gmathews",
"displayName": "Gary Mathews",
"active": true,
"timeZone": "America/Los_Angeles"
},
"created": "2018-07-18T23:08:07.000+0000",
"updated": "2018-07-18T23:08:07.000+0000"
},
{
"id": "439329",
"author": {
"name": "hknoechel",
"key": "hansknoechel",
"displayName": "Hans Knöchel",
"active": true,
"timeZone": "Europe/Berlin"
},
"body": "[~gmathews] iOS actually allows it by default already, since the {{NSAllowsArbitraryLoads}} setting is enabled:\r\n{code:xml}\r\nNSAllowsArbitraryLoads\r\n\r\n{code}\r\nThis works with both UIWebView (currently used on iOS) and WKWebView (used in SDK 8+).",
"updateAuthor": {
"name": "hknoechel",
"key": "hansknoechel",
"displayName": "Hans Knöchel",
"active": true,
"timeZone": "Europe/Berlin"
},
"created": "2018-07-19T06:50:23.000+0000",
"updated": "2018-07-19T06:50:23.000+0000"
},
{
"id": "439331",
"author": {
"name": "vijaysingh",
"key": "vijaysingh",
"displayName": "Vijay Singh",
"active": true,
"timeZone": "America/Los_Angeles"
},
"body": "[~hknoechel] is correct. Only if developer forcefully set key 'NSAllowsArbitraryLoads' to 'false' in tiapp.xml, then only key 'NSExceptionDomains' and corresponding value need to be added. Otherwise it allows for all domains.",
"updateAuthor": {
"name": "vijaysingh",
"key": "vijaysingh",
"displayName": "Vijay Singh",
"active": true,
"timeZone": "America/Los_Angeles"
},
"created": "2018-07-19T07:42:14.000+0000",
"updated": "2018-07-19T07:42:14.000+0000"
},
{
"id": "439347",
"author": {
"name": "gmathews",
"key": "gmathews",
"displayName": "Gary Mathews",
"active": true,
"timeZone": "America/Los_Angeles"
},
"body": "[~hknoechel] [~vijaysingh] Oh nice!",
"updateAuthor": {
"name": "gmathews",
"key": "gmathews",
"displayName": "Gary Mathews",
"active": true,
"timeZone": "America/Los_Angeles"
},
"created": "2018-07-19T17:29:48.000+0000",
"updated": "2018-07-19T17:29:48.000+0000"
},
{
"id": "440688",
"author": {
"name": "smohammed",
"key": "smohammed",
"displayName": "Samir Mohammed",
"active": true,
"timeZone": "America/Los_Angeles"
},
"body": "*Closing ticket.* Verified feature in SDK version: {{7.4.0.v20180810061237}}\r\n\r\n*FR Passed (Test Steps):*\r\n# Created a titanium application with the test case below\r\n{code:java}\r\nconst win = Ti.UI.createWindow({ backgroundColor: 'gray' }),\r\n webView = Ti.UI.createWebView({\r\n url: 'https://www.bennish.net/mixed-content.html',\r\n mixedContentMode: true\r\n });\r\n\r\nwin.add(webView);\r\nwin.open();\r\n{code}\r\n# Ran the program\r\n# Able to see http content e.g. sound clips, iframes, images, videos \r\n\r\n*Test Environment*\r\n{code:java}\r\nAPPC Studio: 5.0.0.201712081732\r\nAPPC CLI: 7.0.4\r\nNexus 6p Emulator (7.1)\r\nOperating System Name: Mac OS High Sierra\r\nOperating System Version: 10.13\r\nNode.js Version: 8.9.1\r\nXcode 9.2\r\n{code}\r\n",
"updateAuthor": {
"name": "smohammed",
"key": "smohammed",
"displayName": "Samir Mohammed",
"active": true,
"timeZone": "America/Los_Angeles"
},
"created": "2018-08-13T11:01:09.000+0000",
"updated": "2018-08-13T11:01:09.000+0000"
}
],
"maxResults": 15,
"total": 15,
"startAt": 0
}
}
}