HTTPS POST requests not working in release build

#1

Hi there, I’m having a lot of trouble trying to make https post requests to an API work in production builds of the app.
The app works perfectly in the debug build.

These are the Ionic and Cordova versions

Ionic:

   ionic (Ionic CLI)  : 4.9.0 (/usr/lib/node_modules/ionic)
   Ionic Framework    : ionic-angular 3.9.2
   @ionic/app-scripts : 3.2.0

Cordova:

   cordova (Cordova CLI) : 8.1.2 (cordova-lib@8.1.1)
   Cordova Platforms     : android 7.1.4
   Cordova Plugins       : cordova-plugin-ionic-keyboard 2.1.3, cordova-plugin-ionic-webview 2.2.5, (and 8 other plugins)

System:

   NodeJS : v11.6.0 (/usr/bin/node)
   npm    : 6.6.0
   OS     : Linux 4.19

The https post requests are made through the Angular http library.

I’ve tested solutions that can be found in the following threads:



The solutions applied were:

http://ivancevich.me/articles/ignoring-invalid-ssl-certificates-on-cordova-android-ios/

Adding CSP to the index.html

<meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src 'self' data:; style-src 'self'; font-src 'self';">

But with no luck.
The certificate used in the webpage where the API is stored is from Let’s Encrypt, is it compatible?

Am I just missing something here?

#2

Hi,

I have the same issue.
Did you get a solution?

#3

I had to use cordova-plugin-advanced-http and change my code so I could do this.http.setSSLCertMode('nocheck'); until I can get the final certificate so I can do SSL Pinning.
This is how I changed my code.

Angular HTTP:

postData(data, object, type) {
   return new Promise((resolve, reject) => {
     var headers = new Headers();
     headers.append('Access-Control-Allow-Origin' , '*');
     headers.append('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, PUT');
     headers.append('Accept','application/json');
     headers.append('content-type','application/json');
     let options = new RequestOptions({headers:headers});

     this.http.post(url, data, options)
       .subscribe(res => {
         resolve(res.json());
       }, (err) => {
         reject(err);
       });
   });
 }

to

Cordova/Ionic Native HTTP:

postData(data, object, type) {
  return new Promise((resolve, reject) => {
    //Don't check SSL Certificate
    this.http.setSSLCertMode('nocheck');
    this.http.setHeader('*', 'Access-Control-Allow-Origin' , '*');
    this.http.setHeader('*', 'Access-Control-Allow-Methods', 'POST, GET, OPTIONS, PUT');
    this.http.setHeader('*', 'Accept','application/json');
    this.http.setHeader('*', 'content-type','application/json');
    //Important to set the data serializer or the request gets rejected
    this.http.setDataSerializer('json');
    this.http.post(url, data, {}).then(res =>{
      resolve(JSON.parse(res.data));
    })
    .catch(err =>{
      reject(err);
    });
  });
}

This allowed the HTTPS POST requests to work in the release build

1 Like