android - Phonegap/Cordova whitelisted cross domain SSL request not working after exporting APK

Question

I have created a phonegap app which needs to communicate with a self signed SSL service.

I whitelisted my url in res/xml/cordova.xml like so:

<access origin="https://www.mydomain.com" subdomains="true" />

and this works fine when I run and build from eclipse but if I then export and sign my app and manually install the APK then the app is unable to communicate with my web service.

The communication with the server is carried out using the Sencha Touch library like so:

Ext.Ajax.request({
        url: 'https://www.mydomain.com',
        method: 'get',          
        success: function(result) {                 
        },
        failure: function(result) {         
        }           
    }); 

Any help much appreciated

Answer 1

The problem is you are using a self-signed cert. The Android WebView does not allow by default self-signed SSL certs. PhoneGap/Cordova overrides this in the CordovaWebViewClient class but does not deviate its behaviour by much; if the app is debug-signed, it will proceed and ignore the error, otherwise it will fail.

You could change the above-linked to code in your application and make the onReceivedSslError method always call handler.proceed() - but this isn't recommended. Don't use a self-signed certificate!