Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add cleartext traffic check #122

Open
wants to merge 16 commits into
base: main
Choose a base branch
from

Conversation

akindofyoga
Copy link

When someone tries to open a Websocket connection without using TLS (ie "ws:" instead of "wss:") on Android 9 and newer, the connection will fail and Scarlet will not provide any information about this to the developer. This confused me as well as the author of this post.

Okhttp has a similar check here.

I check for a ClassNotFoundException, so it should not cause any issues for non-Android apps that use Scarlet.

@aaronweihe
Copy link
Collaborator

thanks for the contribution @rogerthat94! Just a few nits

@akindofyoga
Copy link
Author

Thank you for making this helpful library! I'm happy to give back with a small contribution.

I hope this addresses the nits.

@aaronweihe
Copy link
Collaborator

@rogerthat94 sorry it's been a while. if you can resolve conflicts, i'd be more than happy to accept this change. Thanks!

@CLAassistant
Copy link

CLAassistant commented May 8, 2020

CLA assistant check
All committers have signed the CLA.

@akindofyoga
Copy link
Author

@aaronweihe No problem! I have just resolved conflicts.

@akindofyoga
Copy link
Author

ping @aaronweihe

@akindofyoga
Copy link
Author

@aaronweihe Are you still interested in this change? I can rebase it on top of the latest version of the code if so.

Copy link
Collaborator

@aaronweihe aaronweihe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good to me. Can you sign the CLA?


fun OkHttpClient.newWebSocketFactory(requestFactory: RequestFactory): WebSocket.Factory {
return OkHttpWebSocket.Factory(OkHttpClientWebSocketConnectionEstablisher(this, requestFactory))
}

fun OkHttpClient.newWebSocketFactory(url: String): WebSocket.Factory {
if (url.startsWith("ws:", ignoreCase = true)) {
try {
if ((Build.VERSION.SDK_INT > 23 &&
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the Platform#isCleartextTrafficPermitted abstraction. we could tackle it in the next PR

@akindofyoga
Copy link
Author

Thanks! I have signed the CLA. Is there anything else that you would like me to do?

@akindofyoga akindofyoga requested a review from aaronweihe March 15, 2022 19:35
@akindofyoga
Copy link
Author

@aaronweihe Are you able to merge this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants