iOS Question ios not secure call from webview

[billyrudi]

hi,
how i can make calls from webview to a non secure server? http fetch call?

In android i solve this with


#if Java


import android.webkit.*;
public static void setWebViewContentMode(WebView wv) {
wv.getSettings().setMixedContentMode(WebSettings.MIXED_CONTENT_ALWAYS_ALLOW);
}


import android.content.*;
import android.content.res.*;
@override
protected void attachBaseContext(Context newBase) {
super.attachBaseContext(newBase);
final Configuration override = new Configuration(newBase.getResources().getConfiguration());
override.fontScale = 1.0f;
applyOverrideConfiguration(override);
BA.Log("attachBaseContext");
}
#End If

tanks Paolo

 

[Semen Matusovskiy]

You need to disable ATS completely or for certain domains.
Read https://www.b4x.com/android/forum/threads/ats-app-transport-security.74281/#content
No code is needed. #PlistExtra (in Project_Attributes) only.

 

[billyrudi]

it does not works. htto requests in my webapp are not executed

 

[Semen Matusovskiy]

Guess, you did something wrong Can you post small project ?

 

[billyrudi]

this is the project attributes region

'Code module
#Region Project Attributes
#ApplicationLabel: ArtevivaConnect
#Version: 2106181
'Orientation possible values: Portrait, LandscapeLeft, LandscapeRight and PortraitUpsideDown
#iPhoneOrientations: Portrait
#iPadOrientations: Portrait
#Target: iPhone
#MinVersion: 9
#PlistExtra: <key>UIViewControllerBasedStatusBarAppearance</key><false/>
#ATSEnabled: False
#PlistExtra: <key>NSAppTransportSecurity</key><dict><key>NSAllowsArbitraryLoads</key><true/>
#PlistExtra: <key>NSAllowsArbitraryLoadsInWebContent</key><true/>
#PlistExtra: </dict>
#End Region

i load a website:
WebView1.LoadUrl("https://...../u/arteviva?id=" & global.imei )


inside the webapp i have this javascript

let ssel = "Select * from insegnanti where IDInsegnante = " +id
let response = fetch(pp.context.appActions.dataSlots['ds_ipef'] + "/eseguisql?email=" + pp.context.appActions.dataSlots['ds_Email'] +"&password=" + password + "&query=" + ssel,{cache: "no-store" })
.then(response => response.json())
.then(data => {

where
pp.context.appActions.dataSlots['ds_ipef']
is like
http://......it:1880

 

[Semen Matusovskiy]

It looks that a problem not in http, because you disabled ATS completely.

Don't change ATSEnabled, simply add

#PlistExtra: <key>NSAppTransportSecurity</key><dict><key>NSAllowsArbitraryLoadsInWebContent</key><true/></dict>

This allows insecure content inside WebView.