We're currently developing a mobile app using Cordova/PhoneGap (latest release) for both Android and iOS. One of the key aspects of our app is that it retrieves data from different remote sources (one of which has an invalid SSL certificate). After making sure all the .plist settings are correctly set (for domain white list) our app is not working under neither iOS 5 nor 6. No errors show in the console in XCode or Safari -- it simply dies. The Android app works fine as well as working locally in web browsers. So, couple questions:
Is there a .plist setting for ignoring invalid SSL certificates in iOS? I saw some code to do that in the UIWebView but we're not sure if we should modify that code and risk breaking the app elsewhere.
** Edit 3/13/14 **
The recommended approach is to install your CA in your device: email your CA to your device, tap on the CA file in the email, and import it into your secure storage area. This will allow your device to trust the unsigned https connection without needing the lines of code shown below.
Note that while the solution below will work, it is unsafe and not recommended. You must remove these lines of code before releasing a production version of the app. Failure to do so will render the application insecure. This solution is not recommended because people may forgot to remove this.
** Original answer **
There is no cordova plist setting for this. To get around this in iOS append the code seen below to the end of your AppDelegate.m file.
@implementation NSURLRequest(DataController)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
return YES;
}
@end
I have used this in several projects in the past and have not seen any adverse side effects.
The AppDelegate.m file can be found in the yellow colored folder titled Classes in your Xcode project.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With