I have an application where the html/javascript code executes fine in a standalone browser safari, but when the ajax calls are executed in PhoneGap, they all fail with the Network Error 101.
I am requesting XML documents
Yes.
BUT, it does not gracefully handle certificate errors with the HTTPS protocol. I ended up writing my own code to establish the initial connection with the server and ignore the cert errors
here is the code
http://blog.clearlyinnovative.com/post/1012434483/phonegap-and-iphone-development
Phonegap does support HTTPS ajax requests, but like Aaron mention it does not gracefully handle certificate errors. In my case, we have valid certs in our production environment; but for our dev environment we overrode one of the NSUrl methods:
#implementation NSURLRequest (IgnoreSSL)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
return YES;
}
#end
This has been tested with phonegap 1.7(and 1.9) and it worked well. You can put this code in your MainViewController.m.
Note that I recommend this code only for development environment. This most likely will not be accepted by the app store; since we are overriding a private api. Just use valid certs in production.
Related
I am creating the iOS app that uses rest API's that is hosted on HTTPS. This domain have valid CA approved certificate for SSL and TLS. But when I make a NSURL request from my app it works fine first time but after half an hour when I will make NSURL Request it returns NSURL Error -1012.
I also tried to handle Authentication Challenges and TLS Chain Validation using the below mentioned methods:
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
The process I used that is mentioned on below link:
https://developer.apple.com/library/mac/documentation/Cocoa/Conceptual/URLLoadingSystem/Articles/AuthenticationChallenges.html#//apple_ref/doc/uid/TP40009507-SW3
When I debug the canAuthenticateAgainstProtectionSpace and checked the protectionspace value it displays request have NSURLAuthenticationMethodServerTrust problem.
I tried different different scenarios to handle the problem.
1. In canAuthenticateAgainstProtectionSpace method if I found NSURLAuthenticationMethodServerTrust validation then I returned NO, then didReceiveAuthenticationChallenge method never called but API returns blank string.
2. In canAuthenticateAgainstProtectionSpace method if I found NSURLAuthenticationMethodServerTrust validation then I returned YES, then didReceiveAuthenticationChallenge method called and when I used continueWithoutCredentialForAuthenticationChallenge, performDefaultHandlingForAuthenticationChallenge and cancelAuthenticationChallenge methods one by one but nothing happening always I am getting the same result blank string and on cancelAuthenticationChallenge I am getting the NSURL Error -1012.
Our API is hosted on http://uat-exchange.vrmco.com/
Please help me what I am missing or is any thing that we need to used to resolve this error.
Thanks in Advance.
I don't think this is a TLS problem if it works the first time. IIRC, unless you're providing custom TLS handler methods (returning YES for the server trust protection space in your canAuthenticateAgainst... method), a 1012 error typically means a failure to authenticate the user to the server rather than the other way around. (There are other error codes for TLS failures—1202 in particular.)
My first guess would be that your server is requiring some kind of cookie-based authentication, and is returning an HTTP 401 error code when that cookie expires. If so, you should probably treat that as an indication that you need to redo the login process.
I am using faye for publishing and subscribing messages. Now i have to move my application over ssl. I am running my application https://localhost:44477 and my faye server runs as https://<ip>:9292. And i have to use self signed certificate for my application. I generated one self signed certificate and for using this, I add exception for my rails application when pop-up for untrusted connection comes on browser.
Problem occurs on accessing faye. Since i am calling faye from layouts as https://<ip>:9292/faye.js, browser needs to add exception for this url separately. But, since this I am accessing from layout, no separate pop-up comes for this, and it fails silently, till i open this in another browser and add exception.
Is there any way to handle adding exceptions for requests from backend/layouts?
We have a site in a S3 bucket configured to serve static HTML. The HTML app is an AngularJS app. The AngularJS app requests its data with ajax through HTTPS with a self signed certificate to our backend API. All the GET requests work fine, but when we POST,PUT or DELETE in chrome the ajax requests get canceled.
All types of requests works in Firefox.
Our solution has been to disable HTTPS but that does not seem like a long term solution. Bought certificates is not an option for us.
We have noticed that the requests works in some versions of chrome. Is this something normal in chrome? Is there any way to avoid this?
Thanks for any kind of answer that might help us!
Yes Tyler! You are right! Chromes very much dislikes certificates that is not signed by a trusted authority.
I have an application in icenium that call a rest/json wcf service using jquery. When the calls are made using a non-encrypted connection (http) everything behaves as it should. However, when I use a ssl encrypted connection (https) all my ajax calls fail. I figure this is related to the self-signed certificate I use to test.
I was wondering if there was any way to accept self-signed certificates. I even installed the certificates on my iPad and still can't get it to work.
Any help would be greatly apreciated.
I can't say that this will necessarily work for Icenium. However, I had the same problem with jquery and a self-signed certificate in a good old-fashioned HTML page. I discovered that I had to change my jquery script source to use https rather than http. Everything then worked fine.
<script src="https://ajax.aspnetcdn.com/ajax/jQuery/jquery-2.0.3.min.js"></script>
My application will be deployed on HTTPS (currently it is in development and running on HTTP).
Will deploying the web app on HTTPS automatically make my AJAX calls HTTPS as well? I am using relative URLs in the AJAX calls, so i am thinking that when the absolute URL is constructed, HTTPS will be appended automatically.
please let me know. thanks for your response
If you are using relative URLs, then yes.
However, it is really important to test this before running live, as certain browsers(at least IE6) will display a really alarming warning if you try to load resources like images using a non-https connection.