I have an NSB app that is designed for internal corporate use only. It calls several web services, and for years has only called http:. We now need to support http and https, and https calls are not working
Currently my Content Security policy is empty, so is it safe to assume that https is blocked in this condition? I’d like to open up the ability to call any http or https URL, as they are all managed internally so security is not an issue. Would a CSP like this do the trick? Not exactly sure on the syntax for wildcard http or https.
Our challenge is that some of the security implemented at our customer is preventing us from running Remote console. The devices are on an internal WIFI and the devices (Android Phones) have manually added root and inter certificates. Is there any way to create any type of debug features in a test APP to see what is going on? Right now the app calls GETJSON and just never returns so we are at a dead end. I can manually call the web service that the app is trying to call from the phones browser, but the app is having no luck
Thanks! Sorry I didn’t realize it was a holiday for y’all so thanks for the support.
It’s a tough one, the device actually requires a certificate on the Android device and server as it is a internally signed cert making this super challenging. Any thoughts on what the most unrestrictive CSP might be?
Also, I wasn’t sure if it needed to be wrapped with
Tip: If you’re pasting code, html or config files, surround the code with triple back ticks (```), before the first line and after the last one. It will be formatted properly. (We fixed it for you this time)
I few google searches and it looks like DEBUG perhaps ignores al SSL errors, where the RELEASE captures them.
Our problem seems to be SSL related, the customer we are running requires client certificates on the phone itself, so a bit different. We are trying various CSP settings, but most of the time, the app does not return any errors in the debug console .
GetJSON - never returns
AJAX - Responsestatus=0, responsetext=undefined
In Chrome debugger, network window shows the call status “Cancelled”
I have also seen several searches talking about challenges with certificates issues internally (In this case it is an internal corporate cert) and wondering if this is something in the APK that is not recognizing these certs…