I have a solution where my Android WebView needs to first open an https url, then it will be redirected to an http url (it might be trying an http POST from the https site). Th
You can ignore SSL errors by overriding the onReceivedSslError() method.

    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        handler.proceed(); // Ignore SSL certificate errors
    }

Hope it will work for you.

It worked for me

    // Body of onReceivedSslError() in the WebViewClient; handler is final so
    // the anonymous click listeners below can use it.
    @Override
    public void onReceivedSslError(WebView view, final SslErrorHandler handler, SslError error) {
        AlertDialog.Builder builder = new AlertDialog.Builder(MainActivity.webView.getContext());
        AlertDialog alertDialog = builder.create();
        String message = "Certificate error.";
        // Map the most severe error in the set to a readable message
        switch (error.getPrimaryError()) {
            case SslError.SSL_UNTRUSTED:
                message = "The certificate authority is not trusted.";
                break;
            case SslError.SSL_EXPIRED:
                message = "The certificate has expired.";
                break;
            case SslError.SSL_IDMISMATCH:
                message = "The certificate Hostname mismatch.";
                break;
            case SslError.SSL_NOTYETVALID:
                message = "The certificate is not yet valid.";
                break;
        }
        message += " Do you want to continue anyway?";
        alertDialog.setTitle("SSL Certificate Error");
        alertDialog.setMessage(message);
        alertDialog.setButton(DialogInterface.BUTTON_POSITIVE, "OK", new DialogInterface.OnClickListener() {
            public void onClick(DialogInterface dialog, int which) {
                Log.d("CHECK", "Button ok pressed");
                // Ignore SSL certificate errors
                handler.proceed();
            }
        });
        alertDialog.setButton(DialogInterface.BUTTON_NEGATIVE, "Cancel", new DialogInterface.OnClickListener() {
            public void onClick(DialogInterface dialog, int which) {
                Log.d("CHECK", "Button cancel pressed");
                // Abort the page load
                handler.cancel();
            }
        });
        alertDialog.show();
    }

From my research I don't think it is possible to disable this feature. I will support https in both sites instead. Safest anyway.
There was a change in default WebView settings for mixed http/https content in Lollipop (API 20). See https://datatheorem.github.io/android/2014/12/20/webviews-andorid-lollipop/ for more details.
To allow https to redirect to http you need to set the mixed content mode to MIXED_CONTENT_ALWAYS_ALLOW:

    if (Build.VERSION.SDK_INT >= 21) {
        webview.getSettings().setMixedContentMode(WebSettings.MIXED_CONTENT_ALWAYS_ALLOW);
    }

Note that setting MIXED_CONTENT_ALWAYS_ALLOW is bad from a security point of view, and as you note in your answer, it is better to support https on both sites.
But for those that don't have control over the sites, this should work.
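
For the case where both sites do support https, a stricter counterpart to the snippets in the answers above, added here as an example and not part of any answer: it cancels the load on certificate errors and keeps mixed content blocked. The class name StrictWebViewClient and the host dev.example.test are assumptions made for illustration.

```java
import android.content.pm.ApplicationInfo;
import android.net.Uri;
import android.net.http.SslError;
import android.os.Build;
import android.util.Log;
import android.webkit.SslErrorHandler;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;

/** Added example: fails closed on certificate errors outside debug builds. */
public class StrictWebViewClient extends WebViewClient {
    private static final String TAG = "StrictWebViewClient";
    // Assumption: hypothetical development host that uses a self-signed certificate.
    private static final String DEV_HOST = "dev.example.test";

    /** Call once, before the first loadUrl(). */
    public static void configure(WebView webView) {
        if (Build.VERSION.SDK_INT >= 21) {
            // Keep http content blocked on pages loaded over https.
            webView.getSettings().setMixedContentMode(
                    WebSettings.MIXED_CONTENT_NEVER_ALLOW);
        }
        webView.setWebViewClient(new StrictWebViewClient());
    }

    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        String url = error.getUrl();
        String host = (url == null) ? null : Uri.parse(url).getHost();
        boolean debuggable = (view.getContext().getApplicationInfo().flags
                & ApplicationInfo.FLAG_DEBUGGABLE) != 0;
        // Only an untrusted-CA error on the dev host, in a debuggable build, may proceed.
        if (debuggable && DEV_HOST.equals(host)
                && error.getPrimaryError() == SslError.SSL_UNTRUSTED) {
            Log.w(TAG, "Proceeding past untrusted certificate on " + host);
            handler.proceed();
            return;
        }
        // Expired, mismatched, not-yet-valid, or any error on another host: abort.
        Log.e(TAG, "TLS error " + error.getPrimaryError() + " for host " + host);
        handler.cancel();
    }
}
```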