Giter Site home page Giter Site logo

telerik-verified-plugins / securehttp Goto Github PK

View Code? Open in Web Editor NEW

This project forked from wymsee/cordova-http

34.0 8.0 31.0 206 KB

Cordova / Phonegap plugin for communicating with HTTP servers. Allows for SSL pinning!

License: MIT License

Java 83.64% Objective-C 16.36%

securehttp's Introduction

cordovaHTTP

Cordova / Phonegap plugin for communicating with HTTP servers. Supports iOS and Android.

Advantages over Javascript requests

  • Background threading - all requests are done in a background thread.
  • SSL Pinning - read more at LumberBlog.

Installation

The plugin conforms to the Cordova plugin specification, it can be installed using the Cordova / Phonegap command line interface.

phonegap plugin add https://github.com/wymsee/cordova-HTTP.git

cordova plugin add https://github.com/wymsee/cordova-HTTP.git

Usage

AngularJS

This plugin creates a cordovaHTTP service inside of a cordovaHTTP module. You must load the module when you create your app's module.

var app = angular.module('myApp', ['ngRoute', 'ngAnimate', 'cordovaHTTP']);

You can then inject the cordovaHTTP service into your controllers. The functions can then be used identically to the examples shown below except that instead of accepting success and failure callback functions, each function returns a promise. For more information on promises in AngularJS read the AngularJS docs. For more info on promises in general check out this article on html5rocks. Make sure that you load cordova.js or phonegap.js after AngularJS is loaded.

Not AngularJS

This plugin registers a cordovaHTTP global on window

Functions

All available functions are documented below. Every function takes a success and error callback function as the last 2 arguments.

useBasicAuth

This sets up all future requests to use Basic HTTP authentication with the given username and password.

cordovaHTTP.useBasicAuth("user", "password", function() {
    console.log('success!');
}, function() {
    console.log('error :(');
});

setHeader

Set a header for all future requests. Takes a header and a value.

cordovaHTTP.setHeader("Header", "Value", function() {
    console.log('success!');
}, function() {
    console.log('error :(');
});

enableSSLPinning

Enable or disable SSL pinning. To use SSL pinning you must include at least one .cer SSL certificate in your app project. You can pin to your server certificate or to one of the issuing CA certificates. For ios include your certificate in the root level of your bundle (just add the .cer file to your project/target at the root level). For android include your certificate in your project's platforms/android/assets folder. In both cases all .cer files found will be loaded automatically. If you only have a .pem certificate see this stackoverflow answer. You want to convert it to a DER encoded certificate with a .cer extension.

As an alternative, you can store your .cer files in the www/certificates folder.

cordovaHTTP.enableSSLPinning(true, function() {
    console.log('success!');
}, function() {
    console.log('error :(');
});

acceptAllCerts

Accept all SSL certificates. Or disable accepting all certificates.

cordovaHTTP.acceptAllCerts(true, function() {
    console.log('success!');
}, function() {
    console.log('error :(');
});

post

Execute a POST request. Takes a URL, parameters, and headers.

success

The success function receives a response object with 2 properties: status and data. Status is the HTTP response code and data is the response from the server as a string. Here's a quick example:

{
    status: 200,
    data: "{'id': 12, 'message': 'test'}"
}

Most apis will return JSON meaning you'll want to parse the data like in the example below:

cordovaHTTP.post("https://google.com/", {
    id: 12,
    message: "test"
}, { Authorization: "OAuth2: token" }, function(response) {
    // prints 200
    console.log(response.status);
    try {
        response.data = JSON.parse(response.data);
        // prints test
        console.log(response.data.message);
    } catch(e) {
        console.error("JSON parsing error");
    }
}, function(response) {
    // prints 403
    console.log(response.status);
    
    //prints Permission denied 
    console.log(response.error);
});

failure

The error function receives a response object with 2 properties: status and error. Status is the HTTP response code. Error is the error response from the server as a string. Here's a quick example:

{
    status: 403,
    error: "Permission denied"
}

get

Execute a GET request. Takes a URL, parameters, and headers. See the post documentation for details on what is returned on success and failure.

cordovaHTTP.get("https://google.com/", {
    id: 12,
    message: "test"
}, { Authorization: "OAuth2: token" }, function(response) {
    console.log(response.status);
}, function(response) {
    console.error(response.error);
});

uploadFile

Uploads a file saved on the device. Takes a URL, parameters, headers, filePath, and the name of the parameter to pass the file along as. See the post documentation for details on what is returned on success and failure.

cordovaHTTP.uploadFile("https://google.com/", {
    id: 12,
    message: "test"
}, { Authorization: "OAuth2: token" }, "file:///somepicture.jpg", "picture", function(response) {
    console.log(response.status);
}, function(response) {
    console.error(response.error);
});

downloadFile

Downloads a file and saves it to the device. Takes a URL, parameters, headers, and a filePath. See post documentation for details on what is returned on failure. On success this function returns a cordova FileEntry object.

cordovaHTTP.downloadFile("https://google.com/", {
    id: 12,
    message: "test"
}, { Authorization: "OAuth2: token" }, "file:///somepicture.jpg", function(entry) {
    // prints the filename
    console.log(entry.name);
    
    // prints the filePath
    console.log(entry.fullPath);
}, function(response) {
    console.error(response.error);
});

Libraries

This plugin utilizes some awesome open source networking libraries. These are both MIT licensed:

We made a few modifications to http-request. They can be found in a separate repo here: https://github.com/wymsee/http-request

Limitations

This plugin isn't equivalent to using XMLHttpRequest or Ajax calls in Javascript. For instance, the following features are currently not supported:

  • cookies support (a cookie set by a request isn't sent in subsequent requests)
  • read content of error responses (only the HTTP status code and message are returned)
  • read returned HTTP headers (e.g. in case security tokens are returned as headers)

Take this into account when using this plugin into your application.

License

The MIT License

Copyright (c) 2014 Wymsee, Inc

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

securehttp's People

Contributors

allie-wake-up avatar andrey-tsaplin avatar csullivan102 avatar cvillerm avatar devgeeks avatar dmcnamara avatar eddyverbruggen avatar hideov avatar mattiusascentms avatar mbektchiev avatar mudbathinfo avatar pvsaikrishna avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

securehttp's Issues

Client Certificate Authentication?

@EddyVerbruggen - since you have forked this plugin and made it more specific to being a secure http plugin, would you be interested in client certificate authentication so it can handle mutual auth, not just pinning?

I have added it to my fork of cordova-HTTP and could make a PR for here, then just use this one instead.

Issue with POST requests

We are using this plugin to enable SSL-Pinning in a Ionic 2 enviroment. Unfortunately the POST-requests fail with JSON-parse error on the serverside. When I JSON.stringify the body it also doesn't work since an object is expected.

Did anybody else have similar issues?

Cordova CLI: 6.5.0
Ionic Framework Version: 2.0.0
Ionic CLI Version: 2.2.1
Ionic App Lib Version: 2.2.0
Ionic App Scripts Version: 1.1.4
ios-deploy version: 1.9.1
ios-sim version: Not installed
OS: macOS Sierra
Node Version: v7.6.0
Xcode version: Xcode 8.3.2 Build version 8E2002

Thanks for the help.

ios 8/9, non trusted request are executed

I'm using the plugin with android and iOS 8/9
After copying the certificates in the www/certificates folder and in the proper platform directory (just to be sure) and enabling ssl pinning in android i can see all the request to not trusted domain blocked. In iOS every request is allowed and served.

Clobber XMLHttpRequest

Currently the plugin requires a brand new Http API to be used instead of familiar ones like jQuery's Ajax or Angular's $http.It would be great if this plugin clobbers the root XMLHttpRequest so that everything works out of the box

Abort?

As the title suggests, I would like to know if it's easy to add an abort method for the request? I'm not an objective-c or java expert though.

Only happening on iOS, but returns 400?

this URL returns to be valid, but with AFNetworking, it returns as 400

http://ciapi.cityindex.com/TradingApi/clientapplication/versioninformation?AppKey=iPhone

any idea?

missing command error

window.cordovaHTTP.get(
  "https://platform.telerik.com",
  {}, // optional params
  {}, // optional headers
  function(msg) {alert("OK: " + msg)},
  function(msg) {alert("ERROR: " + msg)}
);

msg: missing command error

Can someone tell me what's going on?

client cert?

Hello there, is it possible to use this plugin to work with client certificates? My app won't know the certificate that needs to be accepted, so I can't really store any certificates in my root/assets folder.
As of today, any sites that need client certificates don't work on iOS or Android devices using cordova - they work well using regular browsers though.

HTTP PUT method

Hey!

Nice Plugin, but why is there no PUT or DELETE HTTP method?

Thank you!
Kirrg

com.telerik.afnetworking offline

The plugin cannot be installed because npm package com.telerik.afnetworking is offline

Error: Failed to fetch plugin com.telerik.afnetworking via registry.
Probably this is either a connection problem, or plugin spec is incorrect.
Check your connection and plugin name/version/URL.
Error: Registry returned 404 for GET on https://registry.npmjs.org/com.telerik.afnetworking

android: acceptAllCerts doesn't call callbacks

As per API/doc, acceptAllCerts should call one of its success/failure callback but it's not doing so. At least on android, the CordovaHttpPlugin's execute method is not calling success()/error() on callbackContext for the "acceptAllCerts" as it is doing for the "enableSSLPinning" case.

How can one POST application/json with this?

I have been trying to use this plugin to post jsons to a REST api, I simply can't.

It always sends as application/x-www-form-urlencoded and tries to parse my json into params.

eg:

{
"id":1,
"name": "John Doe"
 }

becomes: id=1&name=John+Doe

Generic Error Messages in iOS

When my server returns error, the body is a jSON object of the error details. In android, this comes through fine, but in iOS, it's simply coming back as a detail of whatever error code i pass. So when I pass a 400 with error details, iOS returns "Request failed: bad request (400)." The library should still show the data from the response even though it is an error.

Add PUT and DELETE to return a promise

Thanks for adding PUT and DELETE method.

We are currently using this plugin with Cordova and Angular1, Can you please modify the "cordovaHTTP.js" file to return a promise for PUT and DELETE method.

Thanks

error: package org.apache.cordova.file does not exist

Can't seem to get this to build on android.

:compileDebugJava/Users/admin/Projects/test-app/client/platforms/android/src/com/synconset/CordovaHttpDownload.java:20: error: package org.apache.cordova.file does not exist
import org.apache.cordova.file.FileUtils;
                              ^
/Users/admin/Projects/test-app/client/platforms/android/src/com/synconset/CordovaHttpDownload.java:48: error: cannot find symbol
                JSONObject fileEntry = FileUtils.getEntry(file);
                                       ^
  symbol:   variable FileUtils
  location: class CordovaHttpDownload
Note: Some input files use or override a deprecated API.
Cordova CLI: 5.4.0
Gulp version:  CLI version 3.9.0
ios-deploy version: 1.8.2 
ios-sim version: 5.0.3 
OS: Mac OS X El Capitan
Node Version: v5.0.0
Xcode version: Xcode 7.1 Build version 7B91b 

I tried installing the latest cordova-file-plugin but I'm still getting this error. Maybe it has something to do with gradle?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.