Note: This plugin is inspired by nativescript-ssl-pinning. Most of the code is taken from this. I've added angular support and also fixed some long term issues. Huge thanks to the original creator.
Some of the fixed issues are as follows
- No support for wild card certificates.
- The nativescript-https module did not handle any error responses (400 - 500).
- Out of the box angular support no need to update previous apps just update the HttpClient module import.
- Added support for multipart forms.
- Modern TLS & SSL security features
- Shared connection pooling reduces request latency
- Silently recovers from common connection problems
- Everything runs on a native background thread
- Transparent GZIP
- HTTP/2 support
What the flip is SSL pinning and all this security mumbo jumbo?
Do I have to use SSL pinning?
No. This plugin works out of the box without any security configurations needed. Either way you'll still benefit from all the features listed above.
git clone https://github.com/sai-gmbh/nativescript-ssl-pinningcd nativescript-ssl-pinning/srcnpm run demo.iosnpm run demo.androidnpm run demo-angular.iosnpm run demo-angular.android
tns-platform-declarations for Android and iOS to your
We also recommend adding
"skipLibCheck": true, to your
More information on that can be found here.
Install the plugin:
tns plugin add nativescript-ssl-pinning
Hitting an API using
SslPinning.request.thenconsole.log'response', response.catchconsole.error'error', error;
NativescriptSslPinningHttpClientModule internally overrides Angular's XHRBackend to make request through our SSL Plugin and transforms it back to angular responses. This will keep the interceptors functionality intact.
Installing your SSL certificate
Create a folder called
assets in your projects
app folder like so
Enabling SSL pinning
Once you've enabled SSL pinning you CAN NOT re-enable with a different
Disabling SSL pinning
All requests after calling this method will no longer utilize SSL pinning until it is re-enabled once again.
||This must be the top level domain name eg
||The uri path to your
Webpack / bundling
Since you're probably shipping a certificate with your app,
make sure it's bundled by Webpack as well. You can do this by adding the certificate(s) with the
from: glob: "fonts/**"from: glob: "**/*.jpg"from: glob: "**/*.png"from: glob: "**/*.cer" // add this line in webpack.config.jsignore: `/**`
App Transport Security before starting beef!Please educate yourself on iOS's
If you try and hit an
https route without adding it to App Transport Security's whitelist it will not work!
You can bypass this behavior by adding the following to your projects
This plugin does not add
NSAllowsArbitraryLoadsto your projects
If you app crashes with a message that it's doing too much networkin on the main thread,
then pass the option
allowLargeResponse with value
true to the
- Multipart form requests are not supported by the plugin yet. For Angular users they'll go through Angular's own XHR but for native users it might fail.
|Robert Laverty||For creating and maintaining this plugin for a long time, before transfering it to me, with the help of Jeff Whelpley of GetHuman.|
|AFNetworking||AFNetworking A delightful networking framework for iOS, OS X, watchOS, and tvOS.|
|Square||okhttp An HTTP+HTTP/2 client for Android and Java applications.|