cordova-plugin-ionic-webview

support HTTPS with self signed certificate

Open imhoffd opened this issue 6 years ago • 20 comments

With the --ssl flag now an experimental feature of the Ionic CLI (https://github.com/ionic-team/ionic-cli/issues/3305), devs are able to use livereload using an HTTPS server. This is mostly to test/develop features involving geolocation with livereload.

Right now, livereload with --ssl works on Android, but iOS doesn't accept the self-signed certificate, failing to load with the following error:

2018-11-15 15:32:09.330613-0600 MyApp[12366:179859] Failed to load webpage with error: The certificate for this server is invalid. You might be connecting to a server that is pretending to be "10.0.0.123" which could put your confidential information at risk.

imhoffd avatar Nov 26 '18 17:11 imhoffd

I'd like to voice my strong support for this. I have over 20,000 users for my mobile app and they all use self-signed certificates - most of them run VPN clients on their phone, and the server in question, ZoneMinder installs by default using self-signed certs. A lot of these users don't use (or want) DNS names so free solutions like LetsEncrypt don't apply.

I have currently forked this repo to add that support but would love it to be integrated. This is not just some development use-case for live-reload. For me, it is a primary deployment use.

pliablepixels avatar Dec 14 '18 10:12 pliablepixels

Hello, the same problem. Have you resolved it?

menglol avatar Dec 21 '18 09:12 menglol

@menglol Yes, someone else (Peter Stegnar) had implemented the fix and I just applied it. The forked repo is here. Specifically, this is the change that needs to be applied.

pliablepixels avatar Dec 21 '18 14:12 pliablepixels

@pliablepixels thanks very much, and I've tried, changed the CDVWKWebViewEngine.m the same as your file, but it still does not work, so does any other file need to be modified? Like *.p-infolist or config.xml?

menglol avatar Dec 24 '18 03:12 menglol

@menglol yes, you also need the following:

  • Add NSAllowsArbitraryLoads to your plist. I do it this way using this plugin, but cordova now has native support for custom configs - you may want to use its inbuilt feature. (For some reason, the native config-file approach was not working, so I went back to this plugin and did not investigate)
  • You also need to provide an explanation to Apple in the app review notes to let them know why you need to enable this flag; as per their documentation, a reason is required.

In my case, I just told them my app works with 3rd party self-installed servers, therefore no common domain or DNS, there is no central cloud version and it is impossible for me to dictate terms to them. Also told them the server in question is installed by default with self-signed certificates. They had no problem in accepting it.

pliablepixels avatar Dec 24 '18 12:12 pliablepixels

@pliablepixels thanks very much, I appreciate your great help, and I will check it as you say. Best regards and merry Christmas.

Resolved, thanks again for your help!

menglol avatar Dec 25 '18 02:12 menglol

@pliablepixels have you managed to resolve the same issue on Android? Also, one further question: have you looked at all at playing audio/video with self-signed SSL? The fix linked resolves the issue for general XHR calls and loading calls within the webview, but the native avplayer, avaudioplayer etc. seem to have the same block built into them, and I am struggling to find a way to bypass it.

ghenry22 avatar Mar 25 '19 06:03 ghenry22

@ghenry22 no, I gave up on trying to make WkWebView work on Android for exactly the same reasons you cite (my install base uses self-signed certificates and playing videos would not work in Android). I now have a build script that removes WKWebView in Android and puts it back for iOS. If you figure it out, please let me know.

pliablepixels avatar Mar 25 '19 12:03 pliablepixels

Hi guys,

Even on Android, the self-signed certificate fails. Accessing the address from Chrome, I have the option to "proceed anyway". But in the webview (Cordova) it doesn't proceed and doesn't show the option to proceed. I'm on Android 8. When not using SSL, it doesn't load, saying that SSL is required :-(

iget-master avatar Apr 11 '19 14:04 iget-master

@iget-master if you read the comments above, there are suggested workarounds.

pliablepixels avatar Apr 11 '19 15:04 pliablepixels

@pliablepixels sorry, my problem is not with iOS, it is actually with Android; the workarounds don't solve it.

iget-master avatar Apr 12 '19 14:04 iget-master

To help whoever is locked out with the same problem as me:

The Ionic CLI has an ssl command that lets you generate a certificate:

$ ionic ssl g

This will write the certificates to the .ionic/ssl directory and use them from there.

Now you can go to your Android device and trust the certificate (in Settings; the location depends on the flavor).

iget-master avatar Apr 12 '19 14:04 iget-master

Refer to this: http://ivancevich.me/articles/ignoring-invalid-ssl-certificates-on-cordova-android-ios/

CliffyMk avatar Apr 30 '19 18:04 CliffyMk

> Refer to this: http://ivancevich.me/articles/ignoring-invalid-ssl-certificates-on-cordova-android-ios/

This seems not to be working for me. I added the lines to appdelegate.m and rebuilt the app; running in the simulator, the app won't connect to the server with the self-signed certificate.

Horst1102 avatar Sep 17 '19 11:09 Horst1102

> > Refer to this: http://ivancevich.me/articles/ignoring-invalid-ssl-certificates-on-cordova-android-ios/
>
> This seems not to be working for me. I added the lines to appdelegate.m and rebuilt the app; running in the simulator, the app won't connect to the server with the self-signed certificate.

That solution is for UIWebView, it will not work with WKWebView.

sparsematrix avatar Jan 30 '20 00:01 sparsematrix

Any idea how to do so with WKWebView?

I have an IoT device with an API (self-signed certificate) and need to call it - there is no way I can use a trusted certificate. Is there like a way to trust this certificate on the phone or will I need a workaround with WKWebView?

J4cku avatar Mar 27 '20 13:03 J4cku

> Any idea how to do so with WKWebView?
>
> I have an IoT device with an API (self-signed certificate) and need to call it - there is no way I can use a trusted certificate. Is there like a way to trust this certificate on the phone or will I need a workaround with WKWebView?

You can install the certificate on the device. Rough instructions are here, your path to get the cert file on the device will be different: https://help.clouduss.com/ws-knowledge-base/installing-an-ssl-certificate-on-i-os-13

Most of us don't have control of the client devices so we can't expect users to do that but it might be suitable for your situation. The only way I've been successful is to fork the WebView plugin and modify it to trust all certs.

sparsematrix avatar Mar 27 '20 14:03 sparsematrix

Well, I tried something like that but that self-signed certificate is not a CA. After installing the certificate as a profile I still have a red "Not Verified", and there is no "Enable full trust for root certificates" section in "Certificate Trust Settings".

J4cku avatar Mar 27 '20 14:03 J4cku

Yup I was going to say the same thing. I recall trying that several months ago and installing the self signed cert did not help. I've continued to use the forked version, which works. I do wish the ionic team considered merging this simple feature - there are still many use cases of self signed certs.

> Well, I tried something like that but that self-signed certificate is not a CA. After installing the certificate as a profile I still have a red "Not Verified", and there is no "Enable full trust for root certificates" section in "Certificate Trust Settings".

pliablepixels avatar Mar 27 '20 15:03 pliablepixels
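
An added example, not part of the thread or of the plugin's code: for setups where the developer controls both server and device, a private root CA (marked CA:TRUE) can sign a server certificate carrying an IP subjectAltName, so only the root needs to be installed and trusted, which addresses the "not a CA" observation above. The file names, the CA name and the function names are placeholders for this sketch; it assumes OpenSSL 1.1.1 or later.

```sh
# Added example: private dev root CA plus a server certificate with an IP SAN.
# File names and the CA common name are placeholders, not project defaults.
set -eu

make_dev_certs() {
  dir="$1"; ip="$2"
  mkdir -p "$dir"
  # Root CA profile: CA:TRUE is what makes it a trust anchor rather than a leaf.
  cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Local Dev Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Leaf profile: not a CA, server-auth only, bound to the dev server's IP.
  cat > "$dir/leaf.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:$ip
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" -subj "/CN=$ip" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
  openssl x509 -req -in "$dir/server.csr" -sha256 -days 365 \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -extfile "$dir/leaf.ext" -out "$dir/server.crt" 2>/dev/null
}

# Succeeds only if the root is a CA and the leaf chains to it for this exact IP.
check_dev_certs() {
  dir="$1"; ip="$2"
  ca_text=$(openssl x509 -in "$dir/ca.crt" -noout -text)
  case "$ca_text" in *"CA:TRUE"*) ;; *) return 1 ;; esac
  openssl verify -CAfile "$dir/ca.crt" -purpose sslserver \
    -verify_ip "$ip" "$dir/server.crt" >/dev/null 2>&1
}

DEV_IP="10.0.0.123"   # the address shown in the error message at the top of the thread
OUT=$(mktemp -d)
make_dev_certs "$OUT" "$DEV_IP"
check_dev_certs "$OUT" "$DEV_IP" && echo "ok: install $OUT/ca.crt on the device; keep ca.key off it"
```

The server presents server.crt and server.key; ca.key stays on the development machine, since anyone holding it can issue certificates that a device trusting this root will accept.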

Hey, I'm still having the same problem trying to run ionic --ssl on iOS. Some features need the secure context (https), and I can't manage to bypass the certificate verification on iOS. Anyone with the same issue still?

joaogabriel-ar avatar Dec 12 '23 20:12 joaogabriel-ar