• Replies 11 replies
  • Subscribers 15 subscribers
  • Views 2950 views
  • Users 0 members are here
Options
Related

makeWebRequest() to NON-https website

DEXTER
over 7 years ago
Hi!

I'm trying to make webrequest to a non-https site with minSDK version 2.3.x, and I always get a SECURE_CONNECTION_REQUIRED = -1001 back as a response code.

Searching through the web I found this:
https://developer.garmin.com/index.php/blog/post/connect-iq-important-updates
"In light of this, Connect IQ will require that calls to makeWebRequest communicate only with ATS compliant servers. In a future update the simulator is now going to check to make sure that all requests are talking to properly secured servers"

Am I seeing this right? Because of Apple "invented" something called ATS, noone can make a webrequest to a non-https site, not even on android? Or am I just being dumb?
  • over 7 years ago
    For testing in the sim, you can uncheck "Settings>Use Device HTTPS Requirements"

    I have no idea if http still works on any watches (maybe just with Android), as I moved to https in all my app a while back.
  • over 7 years ago
    Am I seeing this right? Because of Apple "invented" something called ATS, noone can make a webrequest to a non-https site, not even on android? Or am I just being dumb?
    That's about right, yes. I do not think it's enforced yet, but at some point http will not work even with android. You have to enable use of http in the simulator now. I too had to change to https because of this. Probably good really, but getting free certificates is a bit of a pain.

  • over 7 years ago
    Oh, I didn't know that there's an option for that in the simulator. Thank you for that.
    Since I don't have a real hardware yet, I have to do everything in a simulator. I'm doing this to find out if it is possible to port my Pebble app to Garmin and if it is, I may replace my trusty old Pebble Steel. (Though Garmin still has way too much fitness and way too few smartness, but they are the closest resemblance to a Pebble)

    The unfortunate thing is that I use a public web service through that makeWebRequest() and they don't have a https site, only http (to be honest the 's' is really not needed for them).
    So if Garmin forces this thing I'll have to make a companion app just for a simple webrequest which is really a pita.
    And that also makes everyone who try to use a 3rd party webservice through http (because they don't have a choice) to make a companion app.

    One more question not related to this topic (should I create another one for this?):
    - If the watch is connected to a phone, does the position api use the phone's location service somehow? I don't know how fast a lock is on the watch but an Android can give you a very accurate location immediately usually. (depending on the settings on the phone)
  • over 7 years ago
    - If the watch is connected to a phone, does the position api use the phone's location service somehow? I don't know how fast a lock is on the watch but an Android can give you a very accurate location immediately usually. (depending on the settings on the phone)


    No, it doesn't use the phone's location services. Bear in mind you can only fire up GPS in widgets and watch apps, not in watch faces. You can however get the last lat/lon from a GPS activity (until it goes stale). When I get a location in a watch face I cache it in case it does go stale.

    Depending on a number of factors (the watch model, where you are, etc), you get get a GPS location fairly quickly (a few seconds)

  • over 7 years ago


    Thanks for the info. I'm making a watchapp for now, and maybe later if I'll have a watch and cannot find a good enough face, I'll make one.
  • over 7 years ago
    The unfortunate thing is that I use a public web service through that makeWebRequest() and they don't have a https site, only http (to be honest the 's' is really not needed for them).
    So if Garmin forces this thing I'll have to make a companion app just for a simple webrequest which is really a pita.
    And that also makes everyone who try to use a 3rd party webservice through http (because they don't have a choice) to make a companion app.
    The other alternative would be to host your own site that used https and simply forwarded the request on to the http site. That might be simpler/easier than a companion app if this is all it is going to do.

  • over 7 years ago
    Have you contacted the website to see if they will add https support? That would be my first step.

    If not, I'd look for another site with the needed data that does support https.

    To be honest, last on my list would be a companion app.
  • over 7 years ago
    This definitely took a bunch of us by surprise. For better or worse, it forced me to figure out how to upgrade my home server to https. I would contact the website and see if they can add https support. Even for sites where it isn't that important, they'll probably have to sooner or later.
  • over 7 years ago
    Unfortunately that won't work.
    I'm still relying on that it'll work on Android. (without a device it is really hard to tell :) )
  • over 7 years ago
    I'm using cloudflare to provide HTTPS to my non-HTTPS server.

    Note this is my server, it probably won't work for a third party one.

    Here are the instructions I followed:

    - Register with Cloudflare.com. Choose free plan.
    - Configure as it asks you to (change DNS servers to Cloudflare's)
    - Configure Cloudflare to route your traffic through their servers (orange clouds on DNS tab)
    - Flush local DNS cache and ping {yourDomain.com} to check if it is associated with Cloudflare
    - Check if everything is still working
    - Choose "flexible" SSL on Crypto tab
    - Check if HTTPS works for {yourDomain.com}

    I really don't understand it much, but have been using it for a couple of months now and it seems to do the trick.