Redirect to https not working from Android API rest call

Question

I am making my website http to https (using letsencrypt certificate) with redirect from http to https with following:

RewriteEngine on
RewriteCond %{SERVER_NAME} =xyz.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

I am making http API call to my website url from my android code, but it fails. When i change it to https, only then it succeeds. Why is this happening and is there a way such that http call itself from my android code can succeed.

I believe that the https url is not signed and the device is not able to trust the url. — SripadRaj, Jul 05 '16 at 05:38
What error do you receive? Are there relevant messages in logcat? — Daniel, Jul 05 '16 at 07:03
The Android app must follow the redirect returned by your server, see http://stackoverflow.com/q/8462177/1741542 — Olaf Dietsche, Jul 05 '16 at 08:37

score 1 · Accepted Answer · answered Jul 05 '16 at 09:12

1

My advice:

Always specify https in your android code
For API, do NOT redirect http->https, but answer an error on the http version, it helps catch security errors faster (with a redirect they could stay undetected)

answered Jul 05 '16 at 09:12

Tom

4,666
2
29
48

Redirect to https not working from Android API rest call

1 Answers1