如何在Android WebView中不使用ssl加载https url [英] How can load https url without use of ssl in android webview

问题描述

我已在Playstore上标记了一个问题，并且Google向我发送的邮件由于使用SSL而导致我的应用不安全.

I have Marked one problem on Playstore and google send the mail my app is unsafe because use of SSL.

当前在我的应用程序中，我有一个webview是加载链接，它包含https网址.

Currently in my application I have one webview which is load link and it contains https url.

在网络设置中，我是这样的:

on web settings I'm doing like this:

web.setWebViewClient(new SSLTolerentWebViewClient());

要忽略ssl证书，我使用以下代码，但是由于忽略显示我的应用程序不安全的证书playstore

to ignore ssl certificate I use following code but because of ignoring certificate playstore showing my app is unsafe

private class SSLTolerentWebViewClient extends WebViewClient {
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        handler.proceed(); // Ignore SSL certificate errors
    }
}

有人可以建议我该怎么做，这样我的WebView可以处理https网址，而Playstore不会将我的应用标记为不安全吗?

Can anyone one suggest me how can I do this so my WebView can handle https url and Playstore not mark my app as unsafe?

推荐答案

要解决Google Play警告:WebViewClient.onReceivedSslError处理程序

To Solve Google Play Warning: WebViewClient.onReceivedSslError handler

不总是强制执行handler.proceed();但是您还必须包括handler.cancel();.这样用户就可以避免加载不愉快的内容.

Not Always force to handler.proceed(); but you have to also include handler.cancel(); so user can avoid unsaif content from loading.

处理WebViewClient.onReceivedSslError处理程序的不安全实现

To Handle unsafe implementation of the WebViewClient.onReceivedSslError handler

使用以下代码

 webView.setWebViewClient(new SSLTolerentWebViewClient());
 webView.loadUrl(myhttps url);

和

 private class SSLTolerentWebViewClient extends WebViewClient {
    public void onReceivedSslError(WebView view, final SslErrorHandler handler, SslError error) {

        AlertDialog.Builder builder = new AlertDialog.Builder(Tab1Activity.this);
        AlertDialog alertDialog = builder.create();
        String message = "SSL Certificate error.";
        switch (error.getPrimaryError()) {
            case SslError.SSL_UNTRUSTED:
                message = "The certificate authority is not trusted.";
                break;
            case SslError.SSL_EXPIRED:
                message = "The certificate has expired.";
                break;
            case SslError.SSL_IDMISMATCH:
                message = "The certificate Hostname mismatch.";
                break;
            case SslError.SSL_NOTYETVALID:
                message = "The certificate is not yet valid.";
                break;
        }

        message += " Do you want to continue anyway?";
        alertDialog.setTitle("SSL Certificate Error");
        alertDialog.setMessage(message);
        alertDialog.setButton(DialogInterface.BUTTON_POSITIVE, "OK", new DialogInterface.OnClickListener() {
            @Override
            public void onClick(DialogInterface dialog, int which) {
                // Ignore SSL certificate errors
                handler.proceed();
            }
        });

        alertDialog.setButton(DialogInterface.BUTTON_NEGATIVE, "Cancel", new DialogInterface.OnClickListener() {
            @Override
            public void onClick(DialogInterface dialog, int which) {

                handler.cancel();
            }
        });
        alertDialog.show();
    }
}

这篇关于如何在Android WebView中不使用ssl加载https url的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！