Android WebView阻止从https重定向到http [英] Android WebView blocks redirect from https to http

本文介绍了Android WebView阻止从https重定向到http的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!


我有一个解决方案,我的Android WebView需要首先打开一个https网址,然后它会被重定向到一个http网址(它可能是从https网站尝试一个http POST)。这不起作用,我的Android调试日志说:

I have a solution where my Android WebView needs to first open a https url, then it will be redirected to a http url (it might be trying a http POST from the https site). This is not working, and my Android debug log says:

02-20 11:04:45.079 8538-8538 /? E / WebViewCallback:阻止的URL:[已阻止] https:// xxx / 的页面是通过HTTPS加载的,但是正在向不安全的人提交数据位于 http:// yyy 的位置:此内容也应通过HTTPS提交。

02-20 11:04:45.079 8538-8538/? E/WebViewCallback﹕ Blocked URL: [blocked] The page at 'https://xxx/' was loaded over HTTPS, but is submitting data to an insecure location at 'http://yyy': this content should also be submitted over HTTPS.


Are there any configuration options in the WebView that will allow this behaviour?

更多信息:它似乎是Android SDK中的行为更改。很久以前编译的客户端没有任何投诉。

More info: it seems like a behaviour change in the Android SDK. A client compiled a long time ago does this without any complaints.


混合http /的默认WebView设置发生了变化https内容在Lollipop(API 20)。请参见 / 12/20 / webviews-andorid-lollipop / 了解更多详情。

There was a change in default WebView settings for mixed http/https content in Lollipop (API 20). See for more details.


To allow https to redirect to http you need to set the mixed content mode to MIXED_CONTENT_ALWAYS_ALLOW

 if (Build.VERSION.SDK_INT >= 21) {
        webview.getSettings().setMixedContentMode( WebSettings.MIXED_CONTENT_ALWAYS_ALLOW );


Note that setting MIXED_CONTENT_ALWAYS_ALLOW is bad from security point of view, and as you note in your answer, it is better to support https on both sites.


But for those that don't have control over the sites, this should work.

这篇关于Android WebView阻止从https重定向到http的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

登录 关闭
发送“验证码”获取 | 15天全站免登陆