1 Reply Latest reply on Aug 10, 2016 10:19 AM by joe_bowser

    Phonegap app ssl security

    likusoft Level 1

      Good morning , I've a question..

      In my file index.js  add a request ajax to a https server..

       

      example code :

       

      $.ajax(

        {

        url: <myServerHttps>,

        type: "POST",

        data: <xmlFile>,

        contentType: "text/xml",

        dataType: "xml"
         });

       

       

       

      The data transmission is encrypted ? Phonegap Webview natively supports ssl handshake with a https server (for example what happens in a normal web browser and a server)?

      Or do I have to install a special plugin??

       

      Thanks

      Angelo

        • 1. Re: Phonegap app ssl security
          joe_bowser Adobe Employee (Admin)

          Hey

           

          Yes, the data trasmission is encrypted and the encryption is handled by the WebView on each platform just like a normal web server.  However, PhoneGap doesn't support advanced security features such as SSL certificate pinning out of the box, and you have to install third party plugins to add additional security.  In addition, PhoneGap does not allow self-signed certificates when an application is released, only for development, so you have to make sure to get your proper SSL certificate set up on your server before you publish your application.

           

          Hopefully this explains the security situation.  For more information, check out this Cordova post on Security:

          Security Guide - Apache Cordova

          1 person found this helpful