任何人都可以帮助删除我的 android webview 中的漏洞。我已经放置了我网站的 NSC 文件和证书,但仍然存在漏洞。
问问题
137 次
1 回答
0
用用户选择覆盖onReceivedSslError内部的方法setWebViewClient以继续。
@Override
public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
AlertDialog.Builder builder = new AlertDialog.Builder(requireNonNull(getActivity()));
AlertDialog alertDialog = builder.create();
String message = getString(R.string.ssl_error_msg);
switch (error.getPrimaryError()) {
case SslError.SSL_UNTRUSTED:
message = getString(R.string.ssl_untrusted);
break;
case SslError.SSL_EXPIRED:
message = getString(R.string.ssl_expired);
break;
case SslError.SSL_IDMISMATCH:
message = getString(R.string.ssl_host_mismatch);
break;
case SslError.SSL_NOTYETVALID:
message = getString(R.string.ssl_not_yet_valid);
break;
}
message += getString(R.string.do_you_want_to_continue_anyway);
alertDialog.setTitle(getString(R.string.ssl_cert_error_msg));
alertDialog.setMessage(message);
alertDialog.setButton(DialogInterface.BUTTON_POSITIVE, "OK", (dialog, which) -> {
// Ignore SSL certificate errors
handler.proceed();
});
alertDialog.setButton(DialogInterface.BUTTON_NEGATIVE, "Cancel", (dialog, which) -> {
//myWebView.loadUrl(_URL);
handler.cancel();
dismiss();
});
alertDialog.show();
}
于 2020-03-24T07:11:50.363 回答