[英]Android unsafe implementation of WebViewClient.onReceivedSslError handler
We are using WebView to load paytm payment pages in our app. 我们正在使用WebView在我们的应用中加载paytm支付页面。 In this process we faced Ssl certificate error.
在此过程中,我们遇到了Ssl证书错误。 To handle this we added SslErrorHandler.proceed() in our code.
为了解决这个问题,我们在代码中添加了SslErrorHandler.proceed()。 Everything is working fine.
一切都很好。 I tried publishing this apk to store, but the app got rejected mentioning
我尝试将这个apk发布到商店,但该应用程序被拒绝提及
unsafe implementation of WebViewClient.onReceivedSslError handler
WebViewClient.onReceivedSslError处理程序的不安全实现
Here is my code 这是我的代码
fcweb.getSettings().setJavaScriptEnabled(true);
fcweb.getSettings().setDomStorageEnabled(true);
fcweb.setLongClickable(false);
fcweb.setHapticFeedbackEnabled(false);
CookieManager.getInstance().setAcceptCookie(true);
fcweb.setWebViewClient(new WebViewClient(){
@Override
public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
handler.proceed(); // Ignore SSL certificate errors
L.d("SSL Error received");
}
});
Note : I dont want to show any alert dialog regarding the error. 注意 :我不想显示有关错误的任何警告对话框。 What should I do to resolve this?
我该怎么做才能解决这个问题?
Not Always force to handler.proceed(); 并非总是强制执行handler.proceed(); but you have to also include handler.cancel();
但你还必须包括handler.cancel(); so user can avoid unsafe content from loading.
这样用户可以避免加载不安全的内容。
To properly handle SSL certificate validation, change your code to invoke SslErrorHandler.proceed() whenever the certificate presented by the server meets your expectations, and invoke SslErrorHandler.cancel() otherwise. 要正确处理SSL证书验证,只要服务器提供的证书符合您的期望,就更改代码以调用SslErrorHandler.proceed(),否则调用SslErrorHandler.cancel()。
@Override
public void onReceivedSslError(WebView view, final SslErrorHandler handler, SslError error) {
final AlertDialog.Builder builder = new AlertDialog.Builder(this);
builder.setMessage(R.string.notification_error_ssl_cert_invalid);
builder.setPositiveButton("continue", new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
handler.proceed();
}
});
builder.setNegativeButton("cancel", new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
handler.cancel();
}
});
final AlertDialog dialog = builder.create();
dialog.show();
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.