Phonegap Android app ajax requests to HTTPS fail with status 0 Phonegap Android app ajax requests to HTTPS fail with status 0 ajax ajax

Phonegap Android app ajax requests to HTTPS fail with status 0


ajax cordova https

I was having the same problem but my solution was a little different.

  1. In only the Android App build of my Cordova app, AJAX calls to my server via HTTPS were being blocked. Not in iOS, not in desktop browsers. Most confusingly, in the actual Android Browser the HTTPS AJAX calls would work no problem.

  2. I verified that I could make HTTPS AJAX calls to well known and trusted URLs such as https://google.com as well as regular HTTP calls to any URL I cared to try.

  3. This led me to believe that my SSL cert was either NOT installed 100% correctly OR the cheap (~$10 usd) cert from PositveSSL was not universally trusted OR both.

  4. My cert was installed on my AWS Load Balancer so I looked around about how I may have messed this up and also how PositiveSSL was not the best cert to be using in terms of trustworthiness. Lucky me found an article covering AWS ELB installation of certs AND they happened to be using a PositiveSSL cert! Contained within was this little gem:

"...Don’t be fooled by the AWS dialog, the certificate chain isn’t really optional when your ELB is talking directly to a browser..."

http://www.nczonline.net/blog/2012/08/15/setting-up-ssl-on-an-amazon-elastic-load-balancer/

Drumroll....

I reinstalled the cert with the "optional" Certificate Chain info and voilà!, the HTTPS AJAX calls to my server started working.

So it appears that the Android Webview is more conservative than the Android Browser in terms of cert trust. This is not totally intuitive since they are supposed to be basically the same tech.

ajax cordova https

It happens when the requested URL responds with an erroneous or self-signed certificate. While testing or distributing the app to friends, setting <application android:debuggable="true"...> in AndroidManifest.xml is enough — it automatically bypasses certificate errors.

But Google Play Store will not accept an APK with android:debuggable="true". First of all, the certificates, of course, need to be fixed. But while that happens, here is a workaround for PhoneGap/Cordova 3:

  1. In your app package create a subclass for CordovaWebViewClient:

    public class SSLAcceptingCordovaWebViewClient extends CordovaWebViewClient {    public SSLAcceptingCordovaWebViewClient(CordovaInterface cordova, CordovaWebView view) {        super(cordova, view);    }    @Override    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {        handler.proceed();    }}

  2. Same for IceCreamCordovaWebViewClient:

    public class SSLAcceptingIceCreamCordovaWebViewClient extends IceCreamCordovaWebViewClient {    public SSLAcceptingIceCreamCordovaWebViewClient(CordovaInterface cordova, CordovaWebView view) {        super(cordova, view);    }    @Override    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {        handler.proceed();    }}

  3. in <Your App Name>.java add an override for makeWebViewClient:

    @Overrideprotected CordovaWebViewClient makeWebViewClient(CordovaWebView webView) {    if(android.os.Build.VERSION.SDK_INT < android.os.Build.VERSION_CODES.HONEYCOMB) {        return new SSLAcceptingCordovaWebViewClient(this, webView);    } else {        return new SSLAcceptingIceCreamCordovaWebViewClient(this, webView);    }}

Et voilà! SSL errors will be disregarded. However, never use erroneous certificates. Try to fix them first and use this dirty workaround only when you run out of other solutions.

ajax cordova https

The other option that works as well is to recompile the underlying cordova.jar file so that the test is removed completely thus no reason to worry about your cert being valid or not. I ran in the issue due to the fact that Android would not recognize the GoDaddy cert that was on the server. The cert shows valid on iOS but even when browsing from Android complained about the cert. This is from the 2.9.x branch as this is what I was working with.

cordova-android / framework / src / org / apache / cordova / CordovaWebViewClient.java

@TargetApi(8)@Overridepublic void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {    final String packageName = this.cordova.getActivity().getPackageName();    final PackageManager pm = this.cordova.getActivity().getPackageManager();    ApplicationInfo appInfo;    try {        appInfo = pm.getApplicationInfo(packageName, PackageManager.GET_META_DATA);        handler.proceed();        return;        /* REMOVED TO BY PASS INVALID CERT CHAIN ****        if ((appInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0) {            // debug = true            handler.proceed();            return;        } else {            // debug = false            super.onReceivedSslError(view, handler, error);        }*/    } catch (NameNotFoundException e) {        // When it doubt, lock it out!        super.onReceivedSslError(view, handler, error);    }}

NOTE: I understand this is not safe but when all else fails this solved the issue that has been on going for over 2 months including reinstalling the cert following the cert chain install guide and beside it is a site that is our own not 3rd party so no matter if valid or not it is only connecting to this server.

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last