
Android unsafe implementation of WebViewClient.onReceivedSslError handler

We are using WebView to load Paytm payment pages in our app. In this process we faced an SSL certificate error. To handle this we added SslErrorHandler.proceed() in our code. Everything is working fine. I tried publishing this APK to the store, but the app got rejected, mentioning:

unsafe implementation of WebViewClient.onReceivedSslError handler

Here is my code:

    fcweb.getSettings().setJavaScriptEnabled(true);
    fcweb.getSettings().setDomStorageEnabled(true);
    fcweb.setLongClickable(false);
    fcweb.setHapticFeedbackEnabled(false);
    CookieManager.getInstance().setAcceptCookie(true);
    fcweb.setWebViewClient(new WebViewClient(){

        @Override
        public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
            handler.proceed(); // Ignore SSL certificate errors
            L.d("SSL Error received");

        }

    });

Note: I don't want to show any alert dialog regarding the error. What should I do to resolve this?

Do not always force handler.proceed(); you also have to include handler.cancel(), so the user can avoid loading unsafe content.

To properly handle SSL certificate validation, change your code to invoke SslErrorHandler.proceed() whenever the certificate presented by the server meets your expectations, and invoke SslErrorHandler.cancel() otherwise.

    @Override
    public void onReceivedSslError(WebView view, final SslErrorHandler handler, SslError error) {
        // Inside a WebViewClient, "this" is not a Context; take it from the WebView.
        final AlertDialog.Builder builder = new AlertDialog.Builder(view.getContext());
        builder.setMessage(R.string.notification_error_ssl_cert_invalid);
        builder.setPositiveButton("continue", new DialogInterface.OnClickListener() {
            @Override
            public void onClick(DialogInterface dialog, int which) {
                // User chose to load the page despite the certificate error.
                handler.proceed();
            }
        });
        builder.setNegativeButton("cancel", new DialogInterface.OnClickListener() {
            @Override
            public void onClick(DialogInterface dialog, int which) {
                // User declined; abort the load.
                handler.cancel();
            }
        });
        final AlertDialog dialog = builder.create();
        dialog.show();
    }
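
A dialog-free way to apply the proceed/cancel rule described above, as an added example that is not part of the original question or answers. It assumes a hypothetical host `payments.example.com`, a placeholder certificate fingerprint you must supply yourself, and API level 29+ for `SslCertificate.getX509Certificate()`; every other case is cancelled.

```java
import android.net.http.SslError;
import android.util.Base64;
import android.util.Log;
import android.webkit.SslErrorHandler;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.net.URI;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;

/** Added example: cancels every SSL error unless host and certificate match a pin. */
public class PinnedSslWebViewClient extends WebViewClient {
    // Assumptions: hypothetical host and placeholder pin, not values from the page.
    private static final String EXPECTED_HOST = "payments.example.com";
    private static final String EXPECTED_CERT_SHA256_B64 = "<BASE64_SHA256_OF_EXPECTED_CERT>";
    // Errors that are never accepted, even when the certificate matches the pin.
    private static final int[] NEVER_ACCEPT = {
        SslError.SSL_EXPIRED, SslError.SSL_NOTYETVALID, SslError.SSL_IDMISMATCH,
        SslError.SSL_DATE_INVALID, SslError.SSL_INVALID };

    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        if (meetsExpectations(error)) {
            handler.proceed();
        } else {
            Log.w("PinnedSslWebViewClient", "SSL error " + error.getPrimaryError()
                    + " for " + error.getUrl() + "; load cancelled");
            handler.cancel();
        }
    }

    private static boolean meetsExpectations(SslError error) {
        try {
            for (int code : NEVER_ACCEPT) {
                if (error.hasError(code)) return false;
            }
            String host = URI.create(error.getUrl()).getHost();
            if (!EXPECTED_HOST.equalsIgnoreCase(host)) return false;
            X509Certificate cert = error.getCertificate().getX509Certificate(); // API 29+
            if (cert == null) return false;
            byte[] actual = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            byte[] expected = Base64.decode(EXPECTED_CERT_SHA256_B64, Base64.DEFAULT);
            return MessageDigest.isEqual(actual, expected);
        } catch (Exception e) {
            return false; // fail closed: an unparsable URL, pin or certificate cancels the load
        }
    }
}
```

With the placeholder pin left unchanged, `Base64.decode` throws and the handler cancels every load that raises an SSL error.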
