Skip to content Skip to sidebar Skip to footer
Home / Android / Https / Webview

Android Webview Blocks Redirect From Https To Http

Post a Comment
I have a solution where my Android WebView needs to first open a https url, then it will be redirected to a http url (it might be trying a http POST from the https site). This is n

Solution 1:

There was a change in default WebView settings for mixed http/https content in Lollipop (API 20). See https://datatheorem.github.io/android/2014/12/20/webviews-andorid-lollipop/ for more details.

To allow https to redirect to http you need to set the mixed content mode to MIXED_CONTENT_ALWAYS_ALLOW

 if (Build.VERSION.SDK_INT >= 21) {
        webview.getSettings().setMixedContentMode( WebSettings.MIXED_CONTENT_ALWAYS_ALLOW );
    }

Note that setting MIXED_CONTENT_ALWAYS_ALLOW is bad from security point of view, and as you note in your answer, it is better to support https on both sites.

But for those that don't have control over the sites, this should work.

Solution 2:

You can ignore ssl error by overriding onReceivedSslError() method.

@OverridepublicvoidonReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
    handler.proceed(); // Ignore SSL certificate errors
}

Hope it will be work for you.

Solution 3:

From my research I don't think it is possible to disable this feature. I will support https in both sites instead. Safest anyway.

Solution 4:

Its worked for me 

 AlertDialog.Builderbuilder=newAlertDialog.Builder(MainActivity.webView.getContext());
  AlertDialogalertDialog= builder.create();
  Stringmessage="Certificate error.";
  switch (error.getPrimaryError()) {
     case SslError.SSL_UNTRUSTED:
        message = "The certificate authority is not trusted.";
        break;
     case SslError.SSL_EXPIRED:
        message = "The certificate has expired.";
        break;
     case SslError.SSL_IDMISMATCH:
        message = "The certificate Hostname mismatch.";
        break;
     case SslError.SSL_NOTYETVALID:
        message = "The certificate is not yet valid.";
        break;
  }
  message += " Do you want to continue anyway?";
  alertDialog.setTitle("SSL Certificate Error");
  alertDialog.setMessage(message);
  alertDialog.setButton(DialogInterface.BUTTON_POSITIVE, "OK", newDialogInterface.OnClickListener() {

     publicvoidonClick(DialogInterface dialog, int which) {
        Log.d("CHECK", "Button ok pressed");
        // Ignore SSL certificate errors
        handler.proceed();
     }
  });
  alertDialog.setButton(DialogInterface.BUTTON_NEGATIVE, "Cancel", newDialogInterface.OnClickListener() {

     publicvoidonClick(DialogInterface dialog, int which) {
        Log.d("CHECK", "Button cancel pressed");
        handler.cancel();
     }
  });
  alertDialog.show();

You may like these posts

Post a Comment for "Android Webview Blocks Redirect From Https To Http"