I am using Crosswalk XWalkView as my application's webview, now I am loading some website that has valid certificate and works fine in Android versions < 7.
But with Android 7.0 and greater I get this toast message REQUEST WAS DENIED FOR SECURITY
and this log
06-12 17:46:46.024 22518-22731/? I/X509Util: Failed to validate the certificate chain, error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
I read some similar questions like this, but the solution being posted is in Cordova (see this). I am using native android and I would like to know if how can I do this on my end (native).
quote from the link
I solved this by adding the last 3 lines of the following snippet to config.xml:
<allow-navigation href="http://*/*" />
<allow-navigation href="https://*/*" />
<allow-navigation href="data:*" />
Thanks!
Basically what I want to do is to have some whitelist like Cordova does, but I don't know if how can I achieve this using Native Android and Crosswalk. First, I don't know if there's a config.xml in native android (in cordova there is), now I really need to know on how can I implement this in my project.
I was able to solve this by by following the steps from android network security config I trusted additional an certificate.
Basically, the first time I tried it I was providing the wrong SSL certificate (I assumed that it was the website itself, but the one causing the error is a host for a Javascript file being loaded in the website) in my network_security_config.xml.
website_ca is the SSL certificate file
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config>
<trust-anchors>
<certificates src="@raw/website_ca"/>
<certificates src="system"/>
</trust-anchors>
</base-config>
</network-security-config>
It works fine now.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With