I recently received an email from Google with the following subject: "Google Play Warning: SSL Error Handler Vulnerability". In this email, Google explains that my app has an
The problem is in your code. When you call handler.proceed(); like that, it effectively removes all the security from your connection.
You should remove your onReceivedSslError method. The default implementation will reject insecure connections.
I hope it is not too late for this. That warning is about how you should notify the user that they are going to a page with an invalid cert; you should not proceed directly.
You can implement an alert dialog, something like this:
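    import android.app.AlertDialog;
    import android.content.DialogInterface;
    import android.net.http.SslError;
    import android.webkit.SslErrorHandler;
    import android.webkit.WebView;

    // Place this override inside your WebViewClient subclass.
    @Override
    public void onReceivedSslError(WebView view, final SslErrorHandler handler, SslError error) {
        // Inside a WebViewClient, "this" is not a Context, so take it from the WebView.
        final AlertDialog.Builder builder = new AlertDialog.Builder(view.getContext());
        builder.setMessage(R.string.notification_error_ssl_cert_invalid);
        // Only continue loading if the user explicitly accepts the invalid certificate.
        builder.setPositiveButton("continue", new DialogInterface.OnClickListener() {
            @Override
            public void onClick(DialogInterface dialog, int which) {
                handler.proceed();
            }
        });
        // Otherwise abort the load.
        builder.setNegativeButton("cancel", new DialogInterface.OnClickListener() {
            @Override
            public void onClick(DialogInterface dialog, int which) {
                handler.cancel();
            }
        });
        final AlertDialog dialog = builder.create();
        dialog.show();
    }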
This was taken from sakiM's answer at this link: Webview avoid security alert from google play upon implementation of onReceivedSslError