changed behaviour #29: removed "validateDomainName" function and disabling it when "acceptAllCerts" is enabled

CHANGELOG.md

@@ -2,7 +2,16 @@
 
 ## v1.6.2
 
+- Change #29: removed "validateDomainName" (see info notice)
 - Fixed #31: request fails throwing error on erroneous cookies
+- Fixed #28: added support for content type "application/hal+json" on iOS (thanks ryandegruyter)
+
+#### Important information
+We've decided to remove the `validateDomainName()` method, because people were complaining that `acceptAllCerts(true)` is not behaving as expected. And also it's not a good idea to disable domain name validation while using valid certs, because it pretends having a secure connection, but it isn't.
+
+You should either use valid certs with domain name validation enabled (safe for production use) or accept any certs without domain name validation (only for private dev environments). I strongly discourage using fake certs in public networks.
+
+Therefore we are disabling domain name validation automatically, when you set `acceptAllCerts(true)`. So if you were using `validateDomainName()` function, you need to remove this function call for v1.6.2+.
 
 ## v1.6.1
 

README.md

@@ -1,7 +1,11 @@
 Cordova Advanced HTTP
 =====================
+[![npm version](https://badge.fury.io/js/cordova-plugin-advanced-http.svg)](https://badge.fury.io/js/cordova-plugin-advanced-http)
+[![downloads/month](https://img.shields.io/npm/dm/cordova-plugin-advanced-http.svg)](https://www.npmjs.com/package/cordova-plugin-advanced-http)
+[![MIT Licence](https://badges.frapsoft.com/os/mit/mit.png)](https://opensource.org/licenses/mit-license.php)
 [![Build Status](https://travis-ci.org/silkimen/cordova-plugin-advanced-http.svg?branch=master)](https://travis-ci.org/silkimen/cordova-plugin-advanced-http)
 
+
 Cordova / Phonegap plugin for communicating with HTTP servers.  Supports iOS and Android.
 This is a fork of [Wymsee's Cordova-HTTP plugin](https://github.com/wymsee/cordova-HTTP).
 
@@ -108,13 +112,7 @@ Accept all SSL certificates.  Or disable accepting all certificates.  This defau
     });
 
 ### validateDomainName
-Whether or not to validate the domain name in the certificate.  This defaults to true.
-
-    cordovaHTTP.validateDomainName(false, function() {
-        console.log('success!');
-    }, function() {
-        console.log('error :(');
-    });
+This function was removed in v1.6.2. Domain name validation is disabled automatically when you enable "acceptAllCerts".
 
 ### removeCookies
 Remove all cookies associated with a given URL.
@@ -227,4 +225,4 @@ This plugin utilizes some awesome open source networking libraries. These are bo
  - iOS - [AFNetworking](https://github.com/AFNetworking/AFNetworking)
  - Android - [http-request](https://github.com/kevinsawicki/http-request)
 
-We made a few modifications to http-request.
+We made a few modifications to both of them.

src/android/com/synconset/cordovahttp/CordovaHttpPlugin.java

@@ -99,11 +99,7 @@ public class CordovaHttpPlugin extends CordovaPlugin {
             boolean accept = args.getBoolean(0);
 
             CordovaHttp.acceptAllCerts(accept);
-            callbackContext.success();
-        } else if (action.equals("validateDomainName")) {
-            boolean accept = args.getBoolean(0);
-
-            CordovaHttp.validateDomainName(accept);
+            CordovaHttp.validateDomainName(!accept);
             callbackContext.success();
         } else if (action.equals("uploadFile")) {
             String urlString = args.getString(0);

src/ios/CordovaHttpPlugin.h

@@ -6,7 +6,6 @@
 
 - (void)enableSSLPinning:(CDVInvokedUrlCommand*)command;
 - (void)acceptAllCerts:(CDVInvokedUrlCommand*)command;
-- (void)validateDomainName:(CDVInvokedUrlCommand*)command;
 - (void)disableRedirect:(CDVInvokedUrlCommand*)command;
 - (void)post:(CDVInvokedUrlCommand*)command;
 - (void)get:(CDVInvokedUrlCommand*)command;

src/ios/CordovaHttpPlugin.m

@@ -108,6 +108,7 @@
 
 - (void)enableSSLPinning:(CDVInvokedUrlCommand*)command {
     bool enable = [[command.arguments objectAtIndex:0] boolValue];
+
     if (enable) {
         securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
     } else {
@@ -133,16 +134,7 @@
     bool allow = [[command.arguments objectAtIndex:0] boolValue];
 
     securityPolicy.allowInvalidCertificates = allow;
-
-    pluginResult = [CDVPluginResult resultWithStatus:CDVCommandStatus_OK];
-    [self.commandDelegate sendPluginResult:pluginResult callbackId:command.callbackId];
-}
-
-- (void)validateDomainName:(CDVInvokedUrlCommand*)command {
-    CDVPluginResult* pluginResult = nil;
-    bool validate = [[command.arguments objectAtIndex:0] boolValue];
-
-    securityPolicy.validatesDomainName = validate;
+    securityPolicy.validatesDomainName = !allow;
 
     pluginResult = [CDVPluginResult resultWithStatus:CDVCommandStatus_OK];
     [self.commandDelegate sendPluginResult:pluginResult callbackId:command.callbackId];

www/advanced-http.js

@@ -157,10 +157,10 @@ var http = {
         return exec(success, failure, 'CordovaHttpPlugin', 'acceptAllCerts', [allow]);
     },
     disableRedirect: function(disable, success, failure) {
-        return exec(success, failure, "CordovaHttpPlugin", "disableRedirect", [disable]);
+        return exec(success, failure, 'CordovaHttpPlugin', 'disableRedirect', [disable]);
     },
     validateDomainName: function (validate, success, failure) {
-        return exec(success, failure, 'CordovaHttpPlugin', 'validateDomainName', [validate]);
+        failure('advanced-http: "validateDomainName" is no more supported, please see change log for further info');
     },
     post: function (url, data, headers, success, failure) {
         handleMissingCallbacks(success, failure);