diff --git a/CHANGELOG.md b/CHANGELOG.md index 8f5312a..a9d3a43 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,16 @@ ## v1.6.2 +- Change #29: removed "validateDomainName" (see info notice) - Fixed #31: request fails throwing error on erroneous cookies +- Fixed #28: added support for content type "application/hal+json" on iOS (thanks ryandegruyter) + +#### Important information +We've decided to remove the `validateDomainName()` method, because people were complaining that `acceptAllCerts(true)` is not behaving as expected. And also it's not a good idea to disable domain name validation while using valid certs, because it pretends having a secure connection, but it isn't. + +You should either use valid certs with domain name validation enabled (safe for production use) or accept any certs without domain name validation (only for private dev environments). I strongly discourage using fake certs in public networks. + +Therefore we are disabling domain name validation automatically, when you set `acceptAllCerts(true)`. So if you were using `validateDomainName()` function, you need to remove this function call for v1.6.2+. ## v1.6.1 diff --git a/README.md b/README.md index 33c0a56..b4af135 100644 --- a/README.md +++ b/README.md 
@@ -1,7 +1,11 @@ Cordova Advanced HTTP ===================== +[![npm version](https://badge.fury.io/js/cordova-plugin-advanced-http.svg)](https://badge.fury.io/js/cordova-plugin-advanced-http) +[![downloads/month](https://img.shields.io/npm/dm/cordova-plugin-advanced-http.svg)](https://www.npmjs.com/package/cordova-plugin-advanced-http) +[![MIT Licence](https://badges.frapsoft.com/os/mit/mit.png)](https://opensource.org/licenses/mit-license.php) [![Build Status](https://travis-ci.org/silkimen/cordova-plugin-advanced-http.svg?branch=master)](https://travis-ci.org/silkimen/cordova-plugin-advanced-http) + Cordova / Phonegap plugin for communicating with HTTP servers. Supports iOS and Android. This is a fork of [Wymsee's Cordova-HTTP plugin](https://github.com/wymsee/cordova-HTTP). @@ -108,13 +112,7 @@ Accept all SSL certificates. Or disable accepting all certificates. This defau }); ### validateDomainName -Whether or not to validate the domain name in the certificate. This defaults to true. - - cordovaHTTP.validateDomainName(false, function() { - console.log('success!'); - }, function() { - console.log('error :('); - }); +This function was removed in v1.6.2. Domain name validation is disabled automatically when you enable "acceptAllCerts". ### removeCookies Remove all cookies associated with a given URL. @@ -227,4 +225,4 @@ This plugin utilizes some awesome open source networking libraries. These are bo - iOS - [AFNetworking](https://github.com/AFNetworking/AFNetworking) - Android - [http-request](https://github.com/kevinsawicki/http-request) -We made a few modifications to http-request. +We made a few modifications to both of them. diff --git a/src/android/com/synconset/cordovahttp/CordovaHttpPlugin.java b/src/android/com/synconset/cordovahttp/CordovaHttpPlugin.java index 8a26e52..8595659 100644 --- a/src/android/com/synconset/cordovahttp/CordovaHttpPlugin.java +++ b/src/android/com/synconset/cordovahttp/CordovaHttpPlugin.java 
@@ -99,11 +99,7 @@ public class CordovaHttpPlugin extends CordovaPlugin { boolean accept = args.getBoolean(0); CordovaHttp.acceptAllCerts(accept); - callbackContext.success(); - } else if (action.equals("validateDomainName")) { - boolean accept = args.getBoolean(0); - - CordovaHttp.validateDomainName(accept); + CordovaHttp.validateDomainName(!accept); callbackContext.success(); } else if (action.equals("uploadFile")) { String urlString = args.getString(0); diff --git a/src/ios/CordovaHttpPlugin.h b/src/ios/CordovaHttpPlugin.h index 8c7b93a..4014626 100644 --- a/src/ios/CordovaHttpPlugin.h +++ b/src/ios/CordovaHttpPlugin.h @@ -6,7 +6,6 @@ - (void)enableSSLPinning:(CDVInvokedUrlCommand*)command; - (void)acceptAllCerts:(CDVInvokedUrlCommand*)command; -- (void)validateDomainName:(CDVInvokedUrlCommand*)command; - (void)disableRedirect:(CDVInvokedUrlCommand*)command; - (void)post:(CDVInvokedUrlCommand*)command; - (void)get:(CDVInvokedUrlCommand*)command; diff --git a/src/ios/CordovaHttpPlugin.m b/src/ios/CordovaHttpPlugin.m index d316a74..c5140d2 100644 --- a/src/ios/CordovaHttpPlugin.m +++ b/src/ios/CordovaHttpPlugin.m @@ -108,6 +108,7 @@ - (void)enableSSLPinning:(CDVInvokedUrlCommand*)command { bool enable = [[command.arguments objectAtIndex:0] boolValue]; + if (enable) { securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate]; } else { 
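Review bot: With `CordovaHttp.validateDomainName(!accept);` placed directly after `CordovaHttp.acceptAllCerts(accept);`, a single `acceptAllCerts(true)` call now turns off both chain validation and hostname verification, and nothing in this branch records that the app has entered that state. Both setters look like process-wide switches (inferred from the static-style `CordovaHttp.` calls), so every later request would presumably run unauthenticated until `acceptAllCerts(false)` is called. I would log a warning when `accept` is true and add a comment above the two calls, for example `// accept == true disables certificate AND hostname checks for all requests; dev/test only`. The same applies to `securityPolicy.validatesDomainName = !allow;` in src/ios/CordovaHttpPlugin.m. The enclosing method starts and ends outside the hunk.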
@@ -133,16 +134,7 @@ bool allow = [[command.arguments objectAtIndex:0] boolValue]; securityPolicy.allowInvalidCertificates = allow; - - pluginResult = [CDVPluginResult resultWithStatus:CDVCommandStatus_OK]; - [self.commandDelegate sendPluginResult:pluginResult callbackId:command.callbackId]; -} - -- (void)validateDomainName:(CDVInvokedUrlCommand*)command { - CDVPluginResult* pluginResult = nil; - bool validate = [[command.arguments objectAtIndex:0] boolValue]; - - securityPolicy.validatesDomainName = validate; + securityPolicy.validatesDomainName = !allow; pluginResult = [CDVPluginResult resultWithStatus:CDVCommandStatus_OK]; [self.commandDelegate sendPluginResult:pluginResult callbackId:command.callbackId]; diff --git a/www/advanced-http.js b/www/advanced-http.js index aa4ebcc..342470b 100644 --- a/www/advanced-http.js +++ b/www/advanced-http.js @@ -157,10 +157,10 @@ var http = { return exec(success, failure, 'CordovaHttpPlugin', 'acceptAllCerts', [allow]); }, disableRedirect: function(disable, success, failure) { - return exec(success, failure, "CordovaHttpPlugin", "disableRedirect", [disable]); + return exec(success, failure, 'CordovaHttpPlugin', 'disableRedirect', [disable]); }, validateDomainName: function (validate, success, failure) { - return exec(success, failure, 'CordovaHttpPlugin', 'validateDomainName', [validate]); + failure('advanced-http: "validateDomainName" is no more supported, please see change log for further info'); }, post: function (url, data, headers, success, failure) { handleMissingCallbacks(success, failure);
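Review bot: `securityPolicy.validatesDomainName = !allow;` writes to the same `securityPolicy` object that `enableSSLPinning:` reassigns in the previous hunk, so the effective hostname-check state now depends on call order. Calling `acceptAllCerts(true)` after pinning was enabled switches hostname checks off on the pinned policy. A later `enableSSLPinning:` call assigns a fresh policy, at least in the `enable` branch that is visible, and that presumably drops both flags set here. Document the dependence above the assignment, for example `// Also disables hostname checks; both flags are lost when enableSSLPinning: assigns a new policy`, or have each method re-apply the other's state. The method's signature and closing brace are outside the hunk.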
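Review bot: The `validateDomainName` stub calls `failure(...)` unconditionally, so a caller that passed no failure callback gets a TypeError instead of the deprecation message. Guard the call, for example `if (typeof failure === 'function') { failure(msg); }`. Apps that paired `acceptAllCerts(true)` with `validateDomainName(true)` now run without hostname checks and learn of it only through this callback, so also emitting the text via `console.warn` would make the behaviour change harder to miss. The message would read better as `"validateDomainName" is no longer supported`. Unlike its neighbours the stub returns nothing, which is probably fine but worth a one-line comment.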