npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

cordova-plugin-sslsupport

v1.2.4

Published

Cordova HTTP plugin with SSL Pinning for iOS (AFnetworking) and Android (OKhttp3)

Downloads

39

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

wallethubwallethub

Keywords

ecosystem:cordovacordova-androidcordova-ios

Readme

cordova-plugin-sslsupport

Cordova HTTP plugin with SSL Pinning for iOS (AFnetworking) and Android (OKhttp3)

Breaking changes between 1.0.x and 1.1.x

  • removed setHeader method, used in iOS for setting global headers
  • for a more effective ssl pinning and flexibility of making requests that rely on system's certificates, iOS now required target attribute on certificate resources, similar to Android: previously (for iOS):
<resource-file src="certificates/somecertificate.cer" />

now (for iOS):

<resource-file src="certificates/somecertificate.cer" target="certificates/example.com.cer" />

Take not that this setting will be active for subdomains also. If you have different certificates for the subdomain, specify the subdomain as target for your certificate:

<resource-file src="certificates/subdomaincert.cer" target="certificates/subdomain.example.com.cer" />

About

This plugin provides the ability to make http requests using native code which brings several advantages over the webview XMLHttpRequest

Main Advantages

  • Native HTTP requests using popular libraries : AFnetworking 3.x (iOS) and okhttp3 (Android).
  • SSL Pinning - read more at LumberBlog.
  • WkWebView Support. Because the requests are handled at the native side there is no concern for CORS rules
  • Cookies support

Installation

cordova plugin add cordova-plugin-sslsupport

Usage

enableSSLPinning

Enable or disable SSL pinning. This defaults to true.

sslHTTP.enableSSLPinning(true, function() {
    console.log('success!');
}, function() {
    console.log('error :(');
});

In order for pinning to work you must provide certificates and domain in config.xml:

<platform name="ios">
    <resource-file src="certificates/somecertificate.cer" target="certificates/domain.cer" />
    ....
</platform>
....
<platform name="android">
    <!-- domain pinning -->
    <resource-file src="certificates/somecertificate.cer" target="assets/certificates/example.com.cer" />
    <!-- subdomain pinning -->
    <resource-file src="certificates/subdomaincertificate.cer" target="assets/certificates/*.example.com.cer" />
    ....
</platform>

Where the certificates folder it placed on the root of your cordova project. For Android you have to provide as the certificate name the domain name, while on iOS the certificate itself is sufficient. We recommend using the Intermediate Certificate of the domain in order to have a longer expiration time as everytime they expire you must re-compile a new package with the new certificates.

The following screenshot shows an example of how to extract the certifcate of a domain using google chrome:

acceptAllCerts

Accept all certificates. This is usefull when its needed to allow self signed certificates. Default is false.

sslHTTP.acceptAllCerts(true, function() {
    console.log('success!');
}, function() {
    console.log('error :(');
});

validateDomainName

Whether or not to validate the domain name in the certificate. Default is true.

sslHTTP.validateDomainName(true, function() {
    console.log('success!');
}, function() {
    console.log('error :(');
});

getCookies

Get currently stored cookies. Internally, the plugin will store any cookie, passing it along with any request, but to javascript only cookies which do not have httpOnly flag will be available for reading. The plugin tries to follow the standard browser security settings when it comes to cookies. Cookies are not shared with the webview.

sslHTTP.getCookies(domain, function(cookies) {
    console.log(cookies);
}, function() {
    console.log('error :(');
});

If you wish to get cookies from all domains pass null or all as domain value. The success callback recevies the following object:

{
    cookiename : { path: <string>, value : <string>, name:<string>, domain:<string> }
}

New in 1.1 - download

Perform a DOWNLOAD request

sslHTTP.download(params,function(response){
    console.log(response);
},function(error){
    console.log(error);
})

Where params is an object:

{
    ur: string,
    destination : string, // optional
    headers: {[key:string]:string}
}

And response is :

{ progress : number , url :string  }

Response will give progress as a range between 0 and 1 and will only provide value for url once download is completed. url represents the absolute path where the file has been downloaded.

post

Perform a POST request.

sslHTTP.post(params,function(response){
    console.log(response);
},function(error){
    console.log(error);
})

Where params is an object:

{
    url : <string>,
    data: { .. },
    header: { ... }
    id : <string>
}

If id is provide it can be using in .cancelRequest method to cancel the request. For the success callback the following object will be passed:

{
    status : <number>
    data : <string>
    header: <object>
}

For the failed callback the following object will be passed:

{
    data:<string>, // raw data that came with the response, in case of some server error
    errorcode:<number>,  // native error code
    errordomain:<string>, // ios native error domain
    errorinfo:<string>,  // native error description
    httperrorcode:<number> // http error code
}

In iOS errorcode along with errodomain belong to NSURLErrorDomain For both platforms the following codes represent ssl issues: -1022,-1200,-1201,-1202,-1203,-1204,-1205,-1206

get

Perform a GET request.

sslHTTP.get(params,function(response){
    console.log(response);
},function(error){
    console.log(error);
})

The params, response, error objects are similar to that of .post.

cancelRequest

Cancel the current request or a request matching the given id.

sslHTTP.cancelRequest(id,function(response){
    console.log('success!');
}, function() {
    console.log('error :(');
});

If id is null it will cancel the most recent request that is still in progress.

License

The MIT License

Copyright (c) 2017 Evolution Finance, Inc

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.