1

I have an ionic v1 application which was working fine, but a few weeks ago when I built new signed .apk file all $http requests just stop working.

Here is an example of request

$http({
      method: 'GET',
      url: 'https://some-url.com/user/id'
    }).then(function (response) {
        alert(response.data);
      }, function (error) {
      alert('Error ' + JSON.stringify(error));
});

I always get error callback with {data: null, status -1, headers: ...}

What is interesting that when I build simple apk or just running cordova run android everything works fine. Only not working in signed apk.

I already tried to update cordova-plugin-whitelist and added 

<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">

to my index.html file. Also added <allow-navigation href="*" /> to my config.xml file.

Does anyone have some ideas why this is happening? Maybe android sdk changed the way of building signed apk and I need some addintional configuration.

sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
I. Sokolyk
  • 65
  • 2
  • 8
  • I also tried to make AJAX request instead of $http and the result is the same – I. Sokolyk Sep 22 '17 at 14:32
  • is there internet permission in the android manifest? – Luca Nicoletti Sep 22 '17 at 14:34
  • @LucaNicoletti, yes there is – I. Sokolyk Sep 22 '17 at 14:36
  • Does your backend receive the request? – Luca Nicoletti Sep 22 '17 at 14:40
  • @LucaNicoletti, I just noticed when I make a call to IP address of my local PC everything works, but when I use production backend with https I get status -1 – I. Sokolyk Sep 22 '17 at 14:54
  • as noted [here](https://docs.angularjs.org/api/ng/service/$http): "-1 usually means the request was aborted, e.g. using a config.timeout" – Luca Nicoletti Sep 22 '17 at 14:59
  • Ignore the documentation. A status of -1 usually indicates a [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS) problem. The browser blocked the request because it violates [Same Origin Policy](https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy). – georgeawg Sep 22 '17 at 15:32
  • 1
    @georgeawg, it was not a CORS issue, because my backend handle this. I already fixed this issue. The problem was with SSL certificate on my serverside. The intermidiate certificate was missing so I added it and the problem is gone – I. Sokolyk Sep 26 '17 at 14:25
  • Thanks a lot @georgeawg. I had the same issue what you had. Intermediate certificate missing. – Hashan Seneviratne Jun 14 '18 at 09:57

1 Answers1

0

You can ignore certificate by changing the following code on the CordovaWebViewClient.java file you can find the java file in Cordova version 4 or less platforms/android/CordovaLib/src/org/apache/cordova/CordovaWebViewClient.java

or Cordova version 5 or greater platforms/android/CordovaLib/src/org/apache/cordova/engine/SystemWebViewClient.java

public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
  final String packageName = this.cordova.getActivity().getPackageName();
  final PackageManager pm = this.cordova.getActivity().getPackageManager();

  ApplicationInfo appInfo;
  try {
    appInfo = pm.getApplicationInfo(packageName, PackageManager.GET_META_DATA);
    if ((appInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0) {
      // debug = true
      handler.proceed();
      return;
    } else {
      // debug = false
      // THIS IS WHAT YOU NEED TO CHANGE:
      // 1. COMMENT THIS LINE
      // super.onReceivedSslError(view, handler, error);
      // 2. ADD THESE TWO LINES
      // ---->
      handler.proceed();
      return;
      // <----
    }
  } catch (NameNotFoundException e) {
    // When it doubt, lock it out!
    super.onReceivedSslError(view, handler, error);
  }
}

Hope this solution will work for you.

Sultan Khan
  • 308
  • 2
  • 11