ionic build ssl sha1 不发起Ajax请求

 

http://ivancevich.me/articles/ignoring-invalid-ssl-certificates-on-cordova-android-ios/

 

公司产品在开发发票验证功能,做成类似官网(https://inv-veri.chinatax.gov.cn/)查验功能:相关代码从网站上 参考,官网采用ssl证书认证,手机(只有安卓debug版本可以)不支持,之前一直以为Ajax的问题,一直没往证书上面想,所以耽误很长时间,经高人指点,找到这个解决方案,不最优,但总归先解决了。

 

源文:

Ignoring invalid SSL certificates on Cordova for Android and iOS

written by jc ivancevich

When developing mobile apps, it’s very common that we have to connect to web services or APIs which may be secure (https) but are still under development, so its SSL certificate is not valid or self-signed.

This would happen unless you want to spend a hundred bucks on a wildcard certificate for development environments.

For cases like the mentioned above it’s useful to be able to ignore errorsgenerated by invalid certificates, so we can test the app, install it on any device, etc.

In order to get rid of this problem, the process changes depending on the platform we’re targeting.

iOS (Objective-C / Swift / Cordova)

iOS will always complain about invalid certificates, either in debug or release mode. To avoid this you should place the following code at the end of the AppDelegate.m file.

@implementation NSURLRequest(DataController)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
    return YES;
}
@end

For Cordova users this file is placed in

project/platforms/ios/Project/Classes/AppDelegate.m

Thanks to @machadogj for this one!


Android (Cordova specific)

In Android the history is different. It will allow you to make requests to services with invalid certificates, but only if the app is compiled in build mode. On the other hand, when you would build the app in release mode(ie: to send the APK to a co-worker or stuff like that), the Cordova Web View, which is where the HTML + CSS + JS you wrote runs, will not allowyou to make “insecure” requests. Once again, to avoid this you should modify a platform file. In this case the file will be CordovaWebViewClient.java

You would need to modify a method in the mentioned filed, like this:

public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
  final String packageName = this.cordova.getActivity().getPackageName();
  final PackageManager pm = this.cordova.getActivity().getPackageManager();

  ApplicationInfo appInfo;
  try {
    appInfo = pm.getApplicationInfo(packageName, PackageManager.GET_META_DATA);
    if ((appInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0) {
      // debug = true
      handler.proceed();
      return;
    } else {
      // debug = false
      // THIS IS WHAT YOU NEED TO CHANGE:
      // 1. COMMENT THIS LINE
      // super.onReceivedSslError(view, handler, error);
      // 2. ADD THESE TWO LINES
      // ---->
      handler.proceed();
      return;
      // <----
    }
  } catch (NameNotFoundException e) {
    // When it doubt, lock it out!
    super.onReceivedSslError(view, handler, error);
  }
}

This file is placed in (Cordova v4 and below)

project/platforms/android/CordovaLib/src/org/apache/cordova/CordovaWebViewClient.java

Update

In newer versions of Cordova (v5 and later) the file is now placed in

project/platforms/android/CordovaLib/src/org/apache/cordova/engine/SystemWebViewClient.java

That’s all.

One thing I’d like to point at is that you should not use these solutions for production apps. This is just to test them or share them with co-workers.

If you have any comment feel free to drop me a line through the comments below.

Thanks for reading!

 

posted @ 2018-02-01 17:04  dotdotdog  阅读(194)  评论(0编辑  收藏  举报