Reputation: 2457
How can load https url without use of ssl in android webview
I have Marked one problem on Playstore and google send the mail my app is unsafe because use of SSL.
Currently in my application I have one webview which is load link and it contains https url.
on web settings I'm doing like this:
web.setWebViewClient(new SSLTolerentWebViewClient());
to ignore ssl certificate I use following code but because of ignoring certificate playstore showing my app is unsafe
private class SSLTolerentWebViewClient extends WebViewClient {
public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
handler.proceed(); // Ignore SSL certificate errors
}
}
Can anyone one suggest me how can I do this so my WebView can handle https url and Playstore not mark my app as unsafe?
Upvotes: 13
Views: 28437
Answers (3)
Reputation: 353
Just for future reference or for anyone else that is facing the same problem! Using Xamarin Forms.
It works, here is the full code I used. It also fixes another bug where the Scroll of the WebView is not working anymore when using Xamarin Shell.
using System;
using Android.Content;
using Android.Views;
using Mobile.Droid.Render;
using Xamarin.Forms;
using Xamarin.Forms.Platform.Android;
[assembly: ExportRenderer(typeof(WebView), typeof(MyWebViewRenderer))]
namespace Mobile.Droid.Render
{
public class MyWebViewRenderer : WebViewRenderer
{
public MyWebViewRenderer(Context context) : base(context)
{
}
public override bool DispatchTouchEvent(MotionEvent e)
{
Parent.RequestDisallowInterceptTouchEvent(true);
return base.DispatchTouchEvent(e);
}
protected override void OnElementChanged(ElementChangedEventArgs<Xamarin.Forms.WebView> e)
{
base.OnElementChanged(e);
// Setting the background as transparent
this.Control.SetBackgroundColor(Android.Graphics.Color.Transparent);
if (e.OldElement == null)
{
Control.SetWebViewClient(new MyFormsWebViewClient(this));
}
}
internal class MyFormsWebViewClient : FormsWebViewClient
{
MyWebViewRenderer _renderer;
public MyFormsWebViewClient(MyWebViewRenderer renderer) : base(renderer)
{
_renderer = renderer;
}
public override void OnReceivedSslError(Android.Webkit.WebView view, Android.Webkit.SslErrorHandler handler, Android.Net.Http.SslError error)
{
handler.Proceed();
}
public override void OnPageFinished(Android.Webkit.WebView view, string url)
{
base.OnPageFinished(view, url);
}
public override void OnLoadResource(Android.Webkit.WebView view, string url)
{
base.OnLoadResource(view, url);
}
}
}
}
Upvotes: 3
Reputation: 15
Try linking to webpage with http rather than https. This will probably redirect to the https site. You will not need to code to ignore the security certificate.
Upvotes: -4
Reputation: 2252
To Solve Google Play Warning: WebViewClient.onReceivedSslError handler
Not Always force to handler.proceed(); but you have to also include handler.cancel(); so user can avoid unsaif content from loading.
To Handle unsafe implementation of the WebViewClient.onReceivedSslError handler
use the following code
webView.setWebViewClient(new SSLTolerentWebViewClient());
webView.loadUrl(myhttps url);
and
private class SSLTolerentWebViewClient extends WebViewClient {
public void onReceivedSslError(WebView view, final SslErrorHandler handler, SslError error) {
AlertDialog.Builder builder = new AlertDialog.Builder(Tab1Activity.this);
AlertDialog alertDialog = builder.create();
String message = "SSL Certificate error.";
switch (error.getPrimaryError()) {
case SslError.SSL_UNTRUSTED:
message = "The certificate authority is not trusted.";
break;
case SslError.SSL_EXPIRED:
message = "The certificate has expired.";
break;
case SslError.SSL_IDMISMATCH:
message = "The certificate Hostname mismatch.";
break;
case SslError.SSL_NOTYETVALID:
message = "The certificate is not yet valid.";
break;
}
message += " Do you want to continue anyway?";
alertDialog.setTitle("SSL Certificate Error");
alertDialog.setMessage(message);
alertDialog.setButton(DialogInterface.BUTTON_POSITIVE, "OK", new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
// Ignore SSL certificate errors
handler.proceed();
}
});
alertDialog.setButton(DialogInterface.BUTTON_NEGATIVE, "Cancel", new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
handler.cancel();
}
});
alertDialog.show();
}
}
Upvotes: 35
Related Questions
- How can you get the build/version number of your Android application?
- How can I access my localhost from my Android device?
- How can I close/hide the Android soft keyboard programmatically?
- How can I disable landscape mode in Android?
- How can I open a URL in Android's web browser from my application?
- Why is the Android emulator so slow? How can we speed up the Android emulator?
- How to load an ImageView by URL in Android?
- How to lazy load images in ListView in Android
- Android WebView load https url results in blank screen
- Xamarin.Forms android WebView blank for no valid SSL certificate (develop environment)