flutter_web_auth

How to proceed when receiving an SSL error?

Open mdmota opened this issue 4 years ago • 4 comments

With the webview_flutter plugin I handled this by overriding:

public override void OnReceivedSslError(Android.Webkit.WebView view, Android.Webkit.SslErrorHandler handler, Android.Net.Http.SslError error)
{
    handler.Proceed();
}

Any alternative to this plugin?

mdmota avatar Jun 08 '20 14:06 mdmota

If I understand correctly, you can allow bad certificate errors by using HttpOverrides globally like this. You can tweak it for the hosts you want to bypass if you don't want to bypass for all of them.

Alternatively, you can specify the certificates you want to allow by using this.

> With the webview_flutter plugin I handled this by overriding:
>
> public override void OnReceivedSslError(Android.Webkit.WebView view, Android.Webkit.SslErrorHandler handler, Android.Net.Http.SslError error)
> {
>     handler.Proceed();
> }
>
> Any alternative to this plugin?

Hello @mdmota, I get the exact same issue with client certificates. How did you manage to override native code? Must I fork the whole "plugins" flutter repository? Is there any other way to override it?

I'm searching for another way to bypass this error too. Did you try anything else that worked?

PiotrFLEURY avatar Jul 02 '20 15:07 PiotrFLEURY

> > With the webview_flutter plugin I handled this by overriding:
> >
> > public override void OnReceivedSslError(Android.Webkit.WebView view, Android.Webkit.SslErrorHandler handler, Android.Net.Http.SslError error)
> > {
> >     handler.Proceed();
> > }
> >
> > Any alternative to this plugin?
>
> Hello @mdmota, I get the exact same issue with client certificates. How did you manage to override native code? Must I fork the whole "plugins" flutter repository? Is there any other way to override it?
>
> I'm searching for another way to bypass this error too. Did you try anything else that worked?

I solved it by changing the native code of the webview_flutter plugin. Enter this code for Android in FlutterWebViewClient.java:

@Override
public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
    // Proceeds past every certificate error, for every host.
    handler.proceed();
}

For iOS FLTWKNavigationDelegate.m:

- (void)webView:(WKWebView *)webView
    didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
                    completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition,
                                                NSURLCredential * _Nullable))completionHandler {
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        // Accepts the server's trust object as-is, without evaluating it.
        NSURLCredential *credential = [[NSURLCredential alloc] initWithTrust:challenge.protectionSpace.serverTrust];
        completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
    } else {
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
    }
}

mdmota avatar Jul 03 '20 14:07 mdmota
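
For comparison with the handlers posted above, an added example (not code from this thread or from webview_flutter) of an `onReceivedSslError` override that fails closed: it proceeds only in a debug build, only for one test host, and only when the presented certificate matches a pinned SHA-256 fingerprint. The class name, `DEV_HOST`, the fingerprint placeholder and the `debugBuild` flag are assumptions, and `getX509Certificate()` requires Android API 29 or later.

```java
import android.net.Uri;
import android.net.http.SslCertificate;
import android.net.http.SslError;
import android.webkit.SslErrorHandler;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Locale;

// Hypothetical class; the host and fingerprint are placeholders, not values from the thread.
public class PinnedDevHostWebViewClient extends WebViewClient {
    private static final String DEV_HOST = "dev.example.internal";               // assumed test host
    private static final String PINNED_SHA256 = "REPLACE_WITH_LOWERCASE_HEX_SHA256"; // placeholder
    private final boolean debugBuild; // pass BuildConfig.DEBUG from the app

    public PinnedDevHostWebViewClient(boolean debugBuild) { this.debugBuild = debugBuild; }

    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        String url = error.getUrl();
        String host = url == null ? null : Uri.parse(url).getHost();
        if (debugBuild && DEV_HOST.equalsIgnoreCase(host)
                && PINNED_SHA256.equals(fingerprint(error.getCertificate()))) {
            handler.proceed(); // the exact pinned certificate, on the one test host
        } else {
            handler.cancel();  // every other host, certificate or build: keep the TLS failure
        }
    }

    // SHA-256 of the DER-encoded leaf certificate as lowercase hex, or null if unavailable.
    private static String fingerprint(SslCertificate cert) {
        try {
            X509Certificate x509 = cert == null ? null : cert.getX509Certificate(); // API 29+
            if (x509 == null) return null;
            StringBuilder hex = new StringBuilder();
            for (byte b : MessageDigest.getInstance("SHA-256").digest(x509.getEncoded())) {
                hex.append(String.format(Locale.ROOT, "%02x", b));
            }
            return hex.toString();
        } catch (GeneralSecurityException e) {
            return null; // an unreadable certificate never matches the pin
        }
    }
}
```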

Hmm, I'm very hesitant to add this support in as a feature, it seems a bit dangerous 🤔

What is the use case for this?

LinusU avatar Sep 07 '21 15:09 LinusU