Add ignore ssl error parameter (#590)

* add ignoreSSLErrors parameter - just Android

* iOS implementation to allow ignore SSL Errors

* add documentation for ignoreSSLErrorsFlag

* remove log messages used for ignorSSLErrors debug

Author: jameshp

README.md

@@ -166,6 +166,32 @@ Set the `withLocalUrl` option to true in the launch function or in the Webview s
 
 Note that, on iOS, the `localUrlScope` option also needs to be set to a path to a directory. All files inside this folder (or subfolder) will be allowed access. If ommited, only the local file being opened will have access allowed, resulting in no subresources being loaded. This option is ignored on Android.
 
+### Ignoring SSL Errors
+
+Set the `ignoreSSLErrors` option to true to display content from servers with certificates usually not trusted by the Webview like self-signed certificates.
+
+**_Warning:_** Don't use this in production. 
+
+Note that on iOS you you need to add new key to `ios/Runner/Info.plist`
+
+```xml
+<key>NSAppTransportSecurity</key>
+<dict>
+    <key>NSAllowsArbitraryLoads</key>
+    <true/>
+    <key>NSAllowsArbitraryLoadsInWebContent</key>
+    <true/>
+</dict>
+```
+
+`NSAllowsArbitraryLoadsInWebContent` is for iOS 10+ and `NSAllowsArbitraryLoads` for iOS 9.
+Otherwise you'll still not be able to display content from pages with untrusted certificates.
+
+You can test your ignorance of ssl certificates is working e.g. through https://self-signed.badssl.com/ 
+
+
+
+
 ### Webview Events
 
 - `Stream<Null>` onDestroy
@@ -182,25 +208,30 @@ Note that, on iOS, the `localUrlScope` option also needs to be set to a path to
 
 ```dart
 Future<Null> launch(String url, {
-   Map<String, String> headers: null,
-   bool withJavascript: true,
-   bool clearCache: false,
-   bool clearCookies: false,
-   bool hidden: false,
-   bool enableAppScheme: true,
-   Rect rect: null,
-   String userAgent: null,
-   bool withZoom: false,
-   bool withLocalStorage: true,
-   bool withLocalUrl: true,
-   String localUrlScope: null,
-   bool scrollBar: true,
-   bool supportMultipleWindows: false,
-   bool appCacheEnabled: false,
-   bool allowFileURLs: false,
-   bool displayZoomControls: false,
-   bool useWideViewPort: false,
-   bool withOverviewMode: false,
+    Map<String, String> headers: null,
+    Set<JavascriptChannel> javascriptChannels: null,
+    bool withJavascript: true,
+    bool clearCache: false,
+    bool clearCookies: false,
+    bool hidden: false,
+    bool enableAppScheme: true,
+    Rect rect: null,
+    String userAgent: null,
+    bool withZoom: false,
+    bool displayZoomControls: false,
+    bool withLocalStorage: true,
+    bool withLocalUrl: true,
+    String localUrlScope: null,
+    bool withOverviewMode: false,
+    bool scrollBar: true,
+    bool supportMultipleWindows: false,
+    bool appCacheEnabled: false,
+    bool allowFileURLs: false,
+    bool useWideViewPort: false,
+    String invalidUrlRegex: null,
+    bool geolocationEnabled: false,
+    bool debuggingEnabled: false,
+    bool ignoreSSLErrors: false,
 });
 ```
 

android/flutter_webview_plugin.iml

@@ -126,6 +126,7 @@ void openUrl(MethodCall call, MethodChannel.Result result) {
         String invalidUrlRegex = call.argument("invalidUrlRegex");
         boolean geolocationEnabled = call.argument("geolocationEnabled");
         boolean debuggingEnabled = call.argument("debuggingEnabled");
+        boolean ignoreSSLErrors = call.argument("ignoreSSLErrors");
 
         if (webViewManager == null || webViewManager.closed == true) {
             Map<String, Object> arguments = (Map<String, Object>) call.arguments;
@@ -158,7 +159,8 @@ void openUrl(MethodCall call, MethodChannel.Result result) {
                 useWideViewPort,
                 invalidUrlRegex,
                 geolocationEnabled,
-                debuggingEnabled
+                debuggingEnabled,
+                ignoreSSLErrors
         );
         result.success(null);
     }

android/src/main/java/com/flutter_webview_plugin/FlutterWebviewPlugin.java

@@ -5,13 +5,15 @@
 import android.annotation.TargetApi;
 import android.app.Activity;
 import android.content.Context;
+import android.net.http.SslError;
 import android.os.Build;
 import android.os.Handler;
 import android.view.KeyEvent;
 import android.view.View;
 import android.view.ViewGroup;
 import android.webkit.CookieManager;
 import android.webkit.GeolocationPermissions;
+import android.webkit.SslErrorHandler;
 import android.webkit.ValueCallback;
 import android.webkit.WebChromeClient;
 import android.webkit.WebSettings;
@@ -123,14 +125,24 @@ private Uri[] getSelectedFiles(Intent data) {
     BrowserClient webViewClient;
     ResultHandler resultHandler;
     Context context;
+    private boolean ignoreSSLErrors = false;
 
     WebviewManager(final Activity activity, final Context context, final List<String> channelNames) {
         this.webView = new ObservableWebView(activity);
         this.activity = activity;
         this.context = context;
         this.resultHandler = new ResultHandler();
         this.platformThreadHandler = new Handler(context.getMainLooper());
-        webViewClient = new BrowserClient();
+        webViewClient = new BrowserClient() {
+            @Override
+            public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
+                if (ignoreSSLErrors){
+                    handler.proceed();
+                }else {
+                    super.onReceivedSslError(view, handler, error);
+                }
+            }
+        };
         webView.setOnKeyListener(new View.OnKeyListener() {
             @Override
             public boolean onKey(View v, int keyCode, KeyEvent event) {
@@ -241,6 +253,7 @@ public boolean onShowFileChooser(
                 return true;
             }
 
+
             @Override
             public void onProgressChanged(WebView view, int progress) {
                 Map<String, Object> args = new HashMap<>();
@@ -365,7 +378,8 @@ void openUrl(
             boolean useWideViewPort,
             String invalidUrlRegex,
             boolean geolocationEnabled,
-            boolean debuggingEnabled
+            boolean debuggingEnabled,
+            boolean ignoreSSLErrors
     ) {
         webView.getSettings().setJavaScriptEnabled(withJavascript);
         webView.getSettings().setBuiltInZoomControls(withZoom);
@@ -388,6 +402,8 @@ void openUrl(
         if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
             webView.setWebContentsDebuggingEnabled(debuggingEnabled);
         }
+        //ignore SSL errors
+        this.ignoreSSLErrors = ignoreSSLErrors;
 
         webViewClient.updateInvalidUrlRegex(invalidUrlRegex);
 

android/src/main/java/com/flutter_webview_plugin/WebviewManager.java

@@ -27,8 +27,6 @@
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
       shouldUseLaunchSchemeArgsEnv = "YES">
-      <Testables>
-      </Testables>
       <MacroExpansion>
          <BuildableReference
             BuildableIdentifier = "primary"
@@ -38,8 +36,8 @@
             ReferencedContainer = "container:Runner.xcodeproj">
          </BuildableReference>
       </MacroExpansion>
-      <AdditionalOptions>
-      </AdditionalOptions>
+      <Testables>
+      </Testables>
    </TestAction>
    <LaunchAction
       buildConfiguration = "Debug"
@@ -61,8 +59,6 @@
             ReferencedContainer = "container:Runner.xcodeproj">
          </BuildableReference>
       </BuildableProductRunnable>
-      <AdditionalOptions>
-      </AdditionalOptions>
    </LaunchAction>
    <ProfileAction
       buildConfiguration = "Release"

example/ios/Runner.xcodeproj/xcshareddata/xcschemes/Runner.xcscheme

@@ -41,5 +41,10 @@
 	</array>
 	<key>UIViewControllerBasedStatusBarAppearance</key>
 	<false/>
+	<key>NSAppTransportSecurity</key>
+	<dict>
+		<key>NSAllowsArbitraryLoadsInWebContent</key>
+		<true/>
+	</dict>
 </dict>
 </plist>

example/ios/Runner/Info.plist

@@ -9,6 +9,7 @@ @interface FlutterWebviewPlugin() <WKNavigationDelegate, UIScrollViewDelegate, W
     BOOL _enableZoom;
     NSString* _invalidUrlRegex;
     NSMutableSet* _javaScriptChannelNames;
+    NSNumber*  _ignoreSSLErrors;
 }
 @end
 
@@ -94,7 +95,7 @@ - (void)initWebview:(FlutterMethodCall*)call withResult:(FlutterResult)result {
     NSNumber *scrollBar = call.arguments[@"scrollBar"];
     NSNumber *withJavascript = call.arguments[@"withJavascript"];
     _invalidUrlRegex = call.arguments[@"invalidUrlRegex"];
-    
+    _ignoreSSLErrors = call.arguments[@"ignoreSSLErrors"];
     _javaScriptChannelNames = [[NSMutableSet alloc] init];
 
     WKUserContentController* userContentController = [[WKUserContentController alloc] init];
@@ -160,6 +161,21 @@ - (void)initWebview:(FlutterMethodCall*)call withResult:(FlutterResult)result {
     [self navigate:call];
 }
 
+- (void)webView:(WKWebView *)webView didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential))completionHandler {
+    if ([_ignoreSSLErrors boolValue]){
+        SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
+        CFDataRef exceptions = SecTrustCopyExceptions(serverTrust);
+        SecTrustSetExceptions(serverTrust, exceptions);
+        CFRelease(exceptions);
+        completionHandler(NSURLSessionAuthChallengeUseCredential,
+                          [NSURLCredential credentialForTrust:serverTrust]);
+    }
+    else {
+        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling,nil);
+    }
+    
+}
+
 - (CGRect)parseRect:(NSDictionary *)rect {
     return CGRectMake([[rect valueForKey:@"left"] doubleValue],
                       [[rect valueForKey:@"top"] doubleValue],

ios/Classes/FlutterWebviewPlugin.m

@@ -140,6 +140,7 @@ class FlutterWebviewPlugin {
   /// - [displayZoomControls]: display zoom controls on webview
   /// - [withOverviewMode]: enable overview mode for Android webview ( setLoadWithOverviewMode )
   /// - [useWideViewPort]: use wide viewport for Android webview ( setUseWideViewPort )
+  /// - [ignoreSSLErrors]: use to bypass Android/iOS SSL checks e.g. for self-signed certificates
   Future<Null> launch(
     String url, {
     Map<String, String> headers,
@@ -165,6 +166,7 @@ class FlutterWebviewPlugin {
     String invalidUrlRegex,
     bool geolocationEnabled,
     bool debuggingEnabled,
+    bool ignoreSSLErrors,
   }) async {
     final args = <String, dynamic>{
       'url': url,
@@ -188,6 +190,7 @@ class FlutterWebviewPlugin {
       'geolocationEnabled': geolocationEnabled ?? false,
       'withOverviewMode': withOverviewMode ?? false,
       'debuggingEnabled': debuggingEnabled ?? false,
+      'ignoreSSLErrors': ignoreSSLErrors ?? false,
     };
 
     if (headers != null) {

lib/src/base.dart

@@ -39,6 +39,7 @@ class WebviewScaffold extends StatefulWidget {
     this.invalidUrlRegex,
     this.geolocationEnabled,
     this.debuggingEnabled = false,
+    this.ignoreSSLErrors = false,
   }) : super(key: key);
 
   final PreferredSizeWidget appBar;
@@ -70,6 +71,7 @@ class WebviewScaffold extends StatefulWidget {
   final bool withOverviewMode;
   final bool useWideViewPort;
   final bool debuggingEnabled;
+  final bool ignoreSSLErrors;
 
   @override
   _WebviewScaffoldState createState() => _WebviewScaffoldState();
@@ -174,6 +176,7 @@ class _WebviewScaffoldState extends State<WebviewScaffold> {
               invalidUrlRegex: widget.invalidUrlRegex,
               geolocationEnabled: widget.geolocationEnabled,
               debuggingEnabled: widget.debuggingEnabled,
+              ignoreSSLErrors: widget.ignoreSSLErrors,
             );
           } else {
             if (_rect != value) {