I'm really struggling to get nativescript to work in the office. That's because of SSL.
The main problem is that the webview does not load any https resources. I tried to open the resources on android chrome it said something along the lines 'connection may not be private/save, certificate cannot be trusted'. I asked an he told me that they have some sort of man in the middle which kinda acts like a virus scanner. We installed a certificate on the device and requesting https resources in Chrome worked fine. Unfortunately it did not work fine in nativescript. It still does not load https resources. I also tried http ones and they work fine.
How do I solve that problem? Why is nativescript still not happy with https even though chrome is?
Can I not just ignore SSL? In node you can do npm set strict-ssl false? for example.
Google Chrome !== WebView In Android, you have to handle the SSL errors yourself within the WebView. You can't compare it with Chrome as it's a fully qualified browser in other hand WebView is a simple component.
Here is how you can extend the WebView to handle SSL errors. If you still have issues, please share the website you are trying to hit.
Related
When loading the site in Safari, I have some images that use a https link, the images do not display on the page, when I open the image URL in the browser, it will not load, saying "Safari can't open the page X because Safari can't establish a secure connection to the server X". This needs to use https links for the images, is there a header or something I can set to allow this to load?
I have tried removing the https, and images load in http, the site we get the images from are used from an API and they they return the image link to use, this does not have an SSL cert on it
not any code, a general question about a setting in Safari if we can avoid using any manual changes that a user will not make on their own.
Expect that the image will load up and thus on the pages that we want to display the images on.
I found a solution to this one here:
https://apple.stackexchange.com/questions/275522/unable-to-load-https-websites-on-safari
The issue is that Safari won't support in older versions the TLS protocol in use in modern-day browsers. I wasn't aware it would be such an old version in use for windows users.
Our iOS application uses a custom protocol (NSURLProtocol) to directly manage loading certain data needed by a UIWebview. This has worked fine until iOS 9 with XCode 7.
Now, since the main site is loaded using HTTPS, the UIWebview throws an error when the custom protocol resource is referenced, because it thinks it's insecure (in fact, it's not, we load it using SSL, just not https://). The app is already built with "Allow Arbitrary Loads" because we have some other things that require that, and I would have thought this inherited the NSTemporaryThirdPartyExceptionAllowsInsecureHTTPLoads, which it seems this is hitting up against, but who knows.
Is there any way to convince iOS 9 that our custom protocol can be accessed from HTTPS? Note - we don't use an iframe or anything like that in the UIWebview - these resources are requested using Ajax/XHR and the app's NSURLProtocol is invoked and takes over loading the data and returning the response.
The custom scheme is also listed in URL Types, but this doesn't seem to change any behavior (in or out, same error). Here's the specific error:
[blocked] The page at https://example.com/path/redacted was not allowed to display insecure content from mycustomprotocol://different.example.com/path/redacted.
EDIT: Downloaded Xcode 6.4, rebuilt the app and it seems to work just fine on iOS 9.x, no issues with the custom protocol. Obviously, this isn't a long-term solution. Hoping someone still has some insight on how to resolve in Xcode 7+.
The problem, I suspect, is that web pages served by https aren't generally allowed to include resources loaded from any URL whose scheme isn't on a specific list of known-secure schemes (at least in newer browsers).
The best way to work around the problem is to rewrite your resource URLs to begin with https: and make them all be within a specific subdomain that you own, and permanently ban any actual web use of that subdomain, then use that to determine whether your URL protocol should handle the URL, rather than using the URL scheme.
With that said, please file a bug and ask for an API to whitelist your custom protocols as "potentially secure" in UIWebView and WKWebView. In this case, it is a reasonable thing to do.
For more info on mixed content, see http://www.w3.org/TR/mixed-content/
I've succesfully installed Jmeter and setup the recording. I added the next config elements: HTTP Cookie Manager, HTTP Cache Manager with clear cache every iteration enabled. I'm using Firefox and Jmeter is recording everything that I do in the browser.
But I have one problem: when I go to pinterest.com I receive a white page with black text. Every other website is working like it suppose, but I want to test only Pinterest. When I try to setup a new account...the same: white page with black text. Something is not loading correctly and I don't know what.
Can someone help me with a hint?
When you to through the proxy, your browser doesn't trust HTTPS traffic anymore, because the proxy replaces the certificates. If your page is a HTTP page that uses HTTPS resources like Style Sheets or JS files, you get what you're describing - a plain black text site on white background - where graphic buttons don't work anymore.
If you use firebug to inspect your traffic, you will see the resources that are not loading because of HTTPS certificate issues. You can either add exceptions to your browser to load these resources, or as #aleix suggested you can use a browser plugin like Blazemeter to record scripts without going through a proxy.
See here for more information.
Thank you all for answering to my problem. I've resolved the issue by importing manually the certificate created by Jmeter in his bin folder to Firefox.
It was, indeed, a https certificate problem, but I'd managed it because of your feedback.
Try blazemeter extension for chrome, is a recorder http request like proxy server of JMeter, and maybe it wil allow you to record correctly in pinterest
I am running a site. Some of its pages are not working in Firefox, but work perfect in Chrome. In Firefox it shows me a gray shield next to the URL and when I click on that shield and manually click on disable protection on this page then my page works fine. So now the problem is that there are many users on my site, and some of them don't know how to do it so I want to handle it on my site so its users don't need to do that.
How can I do it? I Googled and found a setting of Firefox in about:config named security.mixed_content.block_active_content. If we set it to false then it works. So is there a way to do it programmatically or other way so that users just view that page without seeing that shield?
As I understand it, content that is blocked by default by Firefox now is http content that is accessed from an https page. Common types of content that fall foul of this are external stylesheets and images.
As far as I am aware the way to prevent the problem on your site is to make sure that if a page is served by https, any and all other files that it references are also served by https.
Hi Friends,
The reason you see this error in Mozilla Firefox is because your
website is a Mixed Box that is, your website has many internal links
which are not SSL protected.
In order to avoid this error from showing up in Mozilla Firefox you
will have to make sure all the internal links on your website are SSL
protected.
So, Use https:// in your page not http://
I hope I was clear enough in answering your query.
firefox has blocked content that isn't secure means there are some contents on your website are not secure.
I had same issue as my fonts were downloading with http://google.apis.something instead of https
Then I change to //google.apis.something and problem get solved.
To know what is not secure in you website use this link
I am working on a webapplication that uses caching to make it available offline. Everything works fine when running it chrome (offline and online). But when I run it on iPad the links don't work anymore and I get failed to load page everywhere. Removing the caching makes the links work again so it obviously has something to do with the caching. Navigating directly to the seperate pages of the webapp also works fine in Safari, its the link that causes the error. By default all links are loaded with AJAX in jQuery Mobile. Changing this by adding rel="external" also fixes the problem, but obviously I don't want to do that.
To enable caching I added this code: and created a manifest file with ALL the files (scripts, css, images, html). Does anyone know what the problem could be?
I've experienced this as well while working with caching using manifests. What I discovered was that there Chrome has no limits. iPad and iPhone do. This appears to be pretty small, around 5mb. Try removing images as much as possible and using YUI Compressor on your scripts.
Ajax requests can be cached actually, the system doesn't care if the request is by AJAX or normal full request. All you have to do is put the URLs you wanted to retrieve by ajax into the manifest like the rest of the assets.
Hope this helps