使用自签名证书从 https 服务器响应本机 fetch() [英] React-native fetch() from https server with self-signed certificate

问题描述

我正在尝试与具有自签名证书的 https 服务器通信.

I'm trying to communicate with https server having self-signed certificate.

我可以从 .NET 应用程序(使用 ServicePointManager.ServerCertificateValidationCallback 事件)、本地 iOs 应用程序(使用 allowedAnyHTTPSCertificateForHost)或 Web 浏览器(只需要声明证书是可信的)来执行此操作.

I can do this from .NET application (using ServicePointManager.ServerCertificateValidationCallback event), from native iOs application (using allowsAnyHTTPSCertificateForHost) or from web browser (just need to declare that the certificate is trusted).

但我无法让它在 react-native 应用程序中工作(无论是在 Android 还是在 iOS 模拟器中).

But I can't get it to work in react-native application (neither in Android nor in iOS simulator).

我尝试了不同的方法，但仍然没有成功.

I have tried different things but still not succeed.

我知道那里有一些类似的主题:
忽略错误对于在 ReactNative 应用中使用 fetch API 的自签名 SSL 证书?
如果 ssl (https) 证书无效
获取 react native 不适用于 Android 上的 ssl
从基于 SSL 的服务器获取数据的问题
无法使用 react-native 进行 API 调用

I know there are some similar topics there:
Ignore errors for self-signed SSL certs using the fetch API in a ReactNative App?
React Native XMLHttpRequest request fails if ssl (https) certificate is not valid
Fetch in react native wont work with ssl on android
Problems fetching data from a SSL based Server
Unable to make API calls using react-native

但它们要么不包含答案，要么不起作用(而且它们根本不涉及 android 编程).搜索其他资源也没有成效.

But they either do not contain answers or do not working (and they do not cover android programming at all). Searching other resources was not productive as well.

我相信应该有一种简单的方法来使用自签名证书.我错了吗?有人知道吗(适用于 iOS 和 Android)?

I believe there should be an easy way to work with self-signed certificate. Am I wrong? Does anybody know it (both for iOS and Android)?

推荐答案

免责声明:此解决方案应该是临时的并记录在案，以便它不会停留在软件的生产阶段，这仅用于开发.

Disclaimer: This solution should be temporary and documented so that it won't stay in the production phase of the software, this is for development only.

对于 iOS，您所要做的就是打开 xcodeproject(在 RN 中的 iOS 文件夹内)，然后转到 RCTNetwork.xcodeproj 并在该项目中导航到 RCTHTTPRequestHandler.m

For iOS, all you have to do is, open your xcodeproject (inside your iOS folder in RN) once you have that open, go to RCTNetwork.xcodeproj and in that project, navigate to RCTHTTPRequestHandler.m

在该文件中，您将看到如下一行:

In that file you will see a line like this:

#pragma mark - NSURLSession delegate

在那行之后，添加这个函数

right after that line, add this function

- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential))completionHandler
{
  completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
}

瞧，您现在可以在没有有效证书的情况下对 API 进行不安全的调用.

And voila, you can now make insecure calls to your API without a valid certificate.

这应该足够了，但是如果您仍然遇到问题，您可能需要转到您项目的 info.plist，左键单击它并选择 open as... source code.

That should be enough, but if you are still having problems, you might need to go to your project's info.plist, left click on it and choose open as... source code.

最后添加

<key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
  </dict>
  <key>NSExceptionDomains</key>
    <dict>
        <key>localhost</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
        <key>subdomain.example.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>

所以你的文件看起来像这样

so your file will look like this

    ...
    <key>UISupportedInterfaceOrientations</key>
    <array>
        <string>UIInterfaceOrientationPortrait</string>
        <string>UIInterfaceOrientationLandscapeLeft</string>
        <string>UIInterfaceOrientationLandscapeRight</string>
    </array>
    <key>UIViewControllerBasedStatusBarAppearance</key>
    <false/>
    <key>NSLocationWhenInUseUsageDescription</key>
    <string></string>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
  </dict>
  <key>NSExceptionDomains</key>
    <dict>
        <key>localhost</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
        <key>subdomain.example.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>
</plist>

对于真正的生产就绪解决方案，https://stackoverflow.com/a/36368360/5943130该解决方案是更好

For a real production ready solution, https://stackoverflow.com/a/36368360/5943130 that solution is better

这篇关于使用自签名证书从 https 服务器响应本机 fetch()的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！