We are calling one API which is based on SSL security (HTTPS) and the SSL certificate is configured on Server side. When we are calling that service from Tizen Web Application in Samsung watch, it’s asking a prompt dialog every time to Allow or Deny with the message “There are problems with security certificate for this site net:: ERR_CERT_AUTHORITY_INVALID“.
Now if we allow the API with SSL security is working fine but the problem is this dialog appears every time when service is going to hit.
Here in the screenshot: X sign means Deny and right side means Allow
Can we have any solution to avoid this Prompt to ask for consuming the HTTPS API call.?
We already configured this below configuration in our Project config.xml file:
<access origin="*" subdomains="true"/>
App: Tizen Web Application
Running on: Samsung Galaxy Watch 3
API: HTTPS with GET method type request
It's an issue of Tizen 5.5.0.2, in the next release of the OS it will be fixed
Related
I am trying to debug one third party mobile application, specifically network calls, When I am using fiddler and charles proxy on the first network call itself. the app shows error that client certificate on the device is not trusted and ask me to switch to mobile network instead of wifi. also when I accept the risk using the same network. The app shows that there is no internet connection.
I think the app is able to detect that the ceritificate is not the orignal client cert. and thus throwing the warning. Can I download the website or app HTTPS certificate and put it in PC as well as iPhone just like I did for fiddler root certificate.
Same issue is happening with charles proxy also.
I see that you are using an iPhone, have you looked at About/Certificate Trust Settings and enabled the full trust switch after installing the (Charles) certificate?
I have an app that calls API request from the server that works perfectly before adding developer signing Cert.
After enabling the Developer Signing, i always get failure server request
finished with error - code: -1003
any idea why i get this?
Thanks you in advance
I already know why i get the issue. My App request from server and it is sandboxed. I need to enable the Outgoing Connections insdie the Capabilities>App Sandbox to successfully request from server
As per apple docs Like here
you need the Outbound Connection capability because the app is
initiating the connection. An app acting as a server would require the
Inbound Connection entitlement.
I made a home automation controller which embedded a web server inside to let users to control their equipments through web interface and API. I was also making an Apple Watch app since OS1 mainly retrieves user ID and password from iPhone then download a plist from the controller and display the information. I rely on NSURLSession to get the plist through LAN to the controller, however since Watch OS2 NSURLSession only allow https connection that my home automation controller cannot provide. In this case any alternative way to let Apple Watch to get the plist from the controller?
Thanks!
Like iOS 9, watchOS 2 uses App Transport Security to enforce secure connections.
Starting in iOS 9.0 and OS X v10.11, a new security feature called App Transport Security (ATS) is available to apps and is enabled by default. It improves the privacy and data integrity of connections between an app and web services by enforcing additional security requirements for HTTP-based networking requests. Specifically, with ATS enabled, HTTP connections must use HTTPS (RFC 2818). Attempts to connect using insecure HTTP fail.
Since the web server is under your control, the proper approach would be to enable secure HTTPS connections on your server.
If you can't or won't enable that, you could circumvent the security that iOS/watchOS enforces, by adding the appropriate NSAppTransportSecurity keys to your (watchKit extension's) Info.plist.
This would allow an insecure connection from the watch to your server.
I'm new to azure mobile services development and any help will be greatly appreciated.
I have created sample mobile service application and could successfully launch and debug it locally. As a next step I've added google authentication. Everything works fine when the service is Published and running in the cloud. But, I could not make the service to run locally so that I can debug the service for cases when the user is authenticated.
So for I have wrestled with IIS Express and made it work with HTTPS on port 44300. But Google authentication services complained because of redirect URLs mismatch, even though I've added https://localhost:44300/signin-google to redirect list.
I feel like I'm not doing something correct here. Something does not make me believe that debugging locally is not possible.
Thanks,
Ruben
Is possible to debug in localhost, but the google/facebook/Microsoft authentication should not be tested, because it is provided out-of-the-box by Azure Mobile Service team.
you should configure it in Azure Portal and then you should implement it in your application like documentation provides.
The following resources has the references to the Authentication articles:
Azure Mobile Services for Client Apps
I have a PhoneGap App running on WP7 that I would like to connect to a Windows Azure Mobile Service. However, in order for this to work in my testing using JSFiddle.net I had to add the JSFiddle domain to the CORS settings in the Windows Azure Mobile Service.
Why do I need to add domains to the CORS setting on the server when doing a simple GET?
Since the Mobile Service requires a key from the JavaScript code I don't see why I cannot open up this web service to any request that supplies the correct key but adding . does not seem to work. If this worked I could move on to testing the scenario on the Phone.
Am I missing something architecturally here or is this just a feature that no-one else is looking for?!
If you want to allow any domain to access your mobile service, you can add the * in the list of cross-origin resource sharing hostnames under the configure tab.
Notice that the application key is not secure. From the 'How to use an HTML/JavaScript client for Windows Azure Mobile Services' tutorial (emphasis mine):
Application key: A unique value that is generated by Mobile Services, distributed with your app, and presented in client-generated requests. While useful for limiting access to your mobile service from random clients, this key is not secure and should not be used to authenticate users of your app.
The takeaway is that you should not count on that key to secure your service.