如何减轻webview中奇怪的webview SSL / HTTPS错误? [英] How to mitigate weird webview SSL/HTTPS errors in webview?
问题描述
我实现了一个基本上在webview中加载Amazon的应用程序,所以显然我们不应该担心ssl错误,但是,我遇到了一个问题,其中两个用户在尝试加载页面时只收到空白页面。
I implemented an app that essentially loads Amazon in an a webview, so obviously we should not be having to worry about ssl errors, however, I ran into a problem where two users only received a blank page when try to load the page.
通过重载 onReceivedSslError()方法,我能够确定webview丢了很多 SSL_INVALID 并且能够通过忽略它们并调用handler.proceed函数来加载页面。
By overloading the onReceivedSslError() method, I was able to determine that the webview was throwing many SSL_INVALID and was able to load the page by ignoring them and calling the handler.proceed function.
@Override
public void onReceivedSslError(WebView view, final SslErrorHandler handler, SslError error) {
handler.proceed();
}
这两个问题都发生在Android 5.0+上,因此,我尝试下载来自google play的webview应用程序,因为webview在Android 5.0之后是外部的。它解决了这个问题。没有更多的SSL错误被抛出,亚马逊加载得很好。
Both of these issues occurred on Android 5.0+, therefore, I tried downloading the webview app from google play since webview is external after Android 5.0. It fixed the issue. No more SSL errors were thrown, and Amazon loaded up fine.
现在这里是我能够在两个用户之间找到的相关性。他们两个都拥有Android 5.0+,并且两者之前都能够在webview中加载亚马逊,但之后在存储空间不足时遇到了这个问题。我认为存储问题导致webview开始抛出这些SSL错误?
Now here are the correlations I was able to find between the two users. Both of them has Android 5.0+ and both were able to previously load Amazon in the webview in the past but then ran into this issue AFTER they ran low on storage space. I think the storage issue caused webview to start throwing these SSL errors?
我问是否有人可以解释为什么会发生这种情况,以及是否有任何缓解的想法?
Im asking if anyone could shed somelight as too why this is happening, and if there are any mitigation ideas?
推荐答案
这是Chrome中的一个错误,与存储空间无关。
This was a bug in Chrome and is nothing to do with the storage space.
此处详细说明了这个错误: https:// bugs.chromium.org/p/chromium/issues/detail?id=664177
The bug is detailed here: https://bugs.chromium.org/p/chromium/issues/detail?id=664177
基本上在Chrome 53的构建日期(2016年8月30日)后10周,因此,2016年11月7日,使用赛门铁克或其子公司(例如Geotrust和Thawte)发布的HTTPS证书的网站停止在Chrome中工作。由于赛门铁克是世界上最大的CA之一,因此影响了很多站点。唯一的解决方法是升级。
Basically 10 weeks after Chrome 53's build date (30th August 2016), so on 7th November 2016, sites that used HTTPS certificates issued by Symantec or its subsidiaries (e.g. Geotrust and Thawte) stopped working in Chrome. As Symantec is one of the largest CAs in the world this affected a lot of sites. Only fix is to upgrade.
短期解决方案是更新到Chrome 54,这应该让你一直到2016年12月27日或2017年1月7日(取决于你正在使用的54个确切版本,当它达到10周截止日期时。该错误已在Chrome 55中永久修复。
A short term solution was to update to Chrome 54 which should have kept you going until the 27th December 2016 or 7th January 2017 (depending on the exact version of 54 you were using), when it too hit the 10 week deadline. The bug was fixed permanently in Chrome 55.
因此希望您的用户升级(或说服他们与您联系)基本上是唯一的选择。
So hoping your users will upgrade (or persuading them to if they contact you) is basically the only option.
唯一的另一个选择是将证书颁发机构从赛门铁克转移到另一个要查看的网站的证书提供商(由于这一变化确实发生,您认为可疑的部分是Google的意图间接作为从谷歌到赛门铁克的惩罚的一部分,即使它显然不打算导致这个问题)。显然,这不是您无法控制的网站的选项,例如亚马逊。
The only other option is to move Certificate Authorities away from Symantec to another cert provider for websites you want to view (which the suspicious amongst you may think was partially Google's intention as this change did happen indirectly as part of a punishment from Google to Symantec, even though it wasn't apparently intended to cause this issue). Obviously that is not an option for websites you are not in control of such as Amazon.
我不知道每个设备/操作系统版本的WebView版本的详细信息。
I am not aware of any place that details the WebView version per device/OS release.
More details here, here, here or even here.
当我遇到这个问题时,让我有点痛苦: (
Cause me quite a bit of pain to figure this out when it happened to me :-(
这篇关于如何减轻webview中奇怪的webview SSL / HTTPS错误?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
