Ionic http get from non-ssl websites with CORS settings

I have my website enabled with CORS. I am able to check my links using Postman and it is working perfect.

The Ionic application I am developing also is working fine when I use these links from the browser. The moment i run the application in an android phone it stops working. The following is the error message I got.

    {
      "headers": {
        "normalizedNames": {},
        "lazyUpdate": null,
        "headers": {}
      },
      "status": 0,
      "statusText": "Unknown Error",
      "url": "http://subdomain.mydomain.com/DataServer/Country",
      "ok": false,
      "name": "HttpErrorResponse",
      "message": "Http failure response for http://subdomain.mydomain.com/DataServer/Country: 0 Unknown Error",
      "error": {
        "isTrusted": true
      }
    }

Please note that the site from which I am trying to get the data is http, not https. When I tried to get data from a https it works. I tried to get the data from the following

https://jsonplaceholder.typicode.com/todos/1

The code

 this.http.get('https://jsonplaceholder.typicode.com/todos/1').subscribe((response) => {
      alert("Success: " + JSON.stringify(response));
    }, (err) => {
      alert("Error: " + JSON.stringify(err));
    });

The problem looks like Ionic (Cordova) is blocking http.get requests from http websites.. (Non-secured). Is there a way to override this?

1 answer

  • answered 2020-03-31 16:57 Mostafa Harb

    Its not cordova problem , the problem is in your version if you test it on version less than 28 then it will run normally, but for version more than 28 , android disable any request if its not https for security reasons, in order to overcome this problem, u can either get a free ssl from any ssl sites and put it on your domain or their are website that you put before your domain like https://sslspecificsitename?site=http://yoursite.com. So its role is to fake anddroid request that request is https and then redirect and make the request to your website. But the first is better since any website you write infront of your link could be stopped or deleted by its owner so your app will stip so go and get a free ssl.