Home » Android » How can load https url without use of ssl in android webview

How can load https url without use of ssl in android webview

Posted by: admin May 14, 2020 Leave a comment

Questions:

I have Marked one problem on Playstore and google send the mail my app is unsafe because use of SSL.

Currently in my application I have one webview which is load link and it contains https url.

on web settings I’m doing like this:

web.setWebViewClient(new SSLTolerentWebViewClient());

to ignore ssl certificate I use following code but because of ignoring certificate playstore showing my app is unsafe

private class SSLTolerentWebViewClient extends WebViewClient {
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        handler.proceed(); // Ignore SSL certificate errors
    }
}

Can anyone one suggest me how can I do this so my WebView can handle https url and Playstore not mark my app as unsafe?

How to&Answers:

To Solve Google Play Warning: WebViewClient.onReceivedSslError handler

Not Always force to handler.proceed(); but you have to also include handler.cancel(); so user can avoid unsaif content from loading.

To Handle unsafe implementation of the WebViewClient.onReceivedSslError handler

use the following code

 webView.setWebViewClient(new SSLTolerentWebViewClient());
 webView.loadUrl(myhttps url);

and

 private class SSLTolerentWebViewClient extends WebViewClient {
    public void onReceivedSslError(WebView view, final SslErrorHandler handler, SslError error) {

        AlertDialog.Builder builder = new AlertDialog.Builder(Tab1Activity.this);
        AlertDialog alertDialog = builder.create();
        String message = "SSL Certificate error.";
        switch (error.getPrimaryError()) {
            case SslError.SSL_UNTRUSTED:
                message = "The certificate authority is not trusted.";
                break;
            case SslError.SSL_EXPIRED:
                message = "The certificate has expired.";
                break;
            case SslError.SSL_IDMISMATCH:
                message = "The certificate Hostname mismatch.";
                break;
            case SslError.SSL_NOTYETVALID:
                message = "The certificate is not yet valid.";
                break;
        }

        message += " Do you want to continue anyway?";
        alertDialog.setTitle("SSL Certificate Error");
        alertDialog.setMessage(message);
        alertDialog.setButton(DialogInterface.BUTTON_POSITIVE, "OK", new DialogInterface.OnClickListener() {
            @Override
            public void onClick(DialogInterface dialog, int which) {
                // Ignore SSL certificate errors
                handler.proceed();
            }
        });

        alertDialog.setButton(DialogInterface.BUTTON_NEGATIVE, "Cancel", new DialogInterface.OnClickListener() {
            @Override
            public void onClick(DialogInterface dialog, int which) {

                handler.cancel();
            }
        });
        alertDialog.show();
    }
}

Answer:

Just for future reference or for anyone else that is facing the same problem! Using Xamarin Forms.

It works, here is the full code I used. It also fixes another bug where the Scroll of the WebView is not working anymore when using Xamarin Shell.

using System;
using Android.Content;
using Android.Views;
using Mobile.Droid.Render;
using Xamarin.Forms;
using Xamarin.Forms.Platform.Android;

[assembly: ExportRenderer(typeof(WebView), typeof(MyWebViewRenderer))]
namespace Mobile.Droid.Render
{
    public class MyWebViewRenderer : WebViewRenderer
    {
        public MyWebViewRenderer(Context context) : base(context)
        {
        }

        public override bool DispatchTouchEvent(MotionEvent e)
        {
            Parent.RequestDisallowInterceptTouchEvent(true);
            return base.DispatchTouchEvent(e);
        }


        protected override void OnElementChanged(ElementChangedEventArgs<Xamarin.Forms.WebView> e)
        {
            base.OnElementChanged(e);

            // Setting the background as transparent
            this.Control.SetBackgroundColor(Android.Graphics.Color.Transparent);
            if (e.OldElement == null)
            {
                Control.SetWebViewClient(new MyFormsWebViewClient(this));
            }
        }

        internal class MyFormsWebViewClient : FormsWebViewClient
        {
            MyWebViewRenderer _renderer;

            public MyFormsWebViewClient(MyWebViewRenderer renderer) : base(renderer)
            {
                _renderer = renderer;
            }

            public override void OnReceivedSslError(Android.Webkit.WebView view, Android.Webkit.SslErrorHandler handler, Android.Net.Http.SslError error)
            {
                handler.Proceed();
            }

            public override void OnPageFinished(Android.Webkit.WebView view, string url)
            {
                base.OnPageFinished(view, url);
            }

            public override void OnLoadResource(Android.Webkit.WebView view, string url)
            {
                base.OnLoadResource(view, url);
            }
        }
    }
}

Answer:

Try linking to webpage with http rather than https. This will probably redirect to the https site. You will not need to code to ignore the security certificate.