Android app Sign in ▾ UI widget fails to appear using https yet OK using http

planckdensity · December 5, 2016, 10:43pm

There is a Cordova issue when trying to deploy onto Android which I have tracked down and can now see same issue in the default Meteor example app :

          https://github.com/meteor/simple-todos

When deployed using https through nginx the Account sign-in widget
which should appear on the initial screen (see screenshot below)

          Sign in ▾

fails to appear on Android yet appears and works OK on desktop browser
… without https although still using nginx it is OK on Android and elsewhere.

This issue is causing our app to just hang on Android using https showing a blank white screen saying

          Loading...

and never reaching our initial login screen … our iOS app and any desktop browser is OK using https … its just Android which is failing

Has anyone seen this issue ?

here is browser with https using nginx with Sign in widget inside RED circle

here is Android with https using nginx Notice missing Sign in widget

here is Android with http using nginx Notice it correctly has Sign in widget

I am leaning toward believing its a Meteor / Cordova issue since my app is fine using iOS … in any case here is my nginx config using https

worker_processes  1;

error_log  /var/log/nginx/error.log info;

events {
    worker_connections  1024;
}

http {

    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

	server {

    	listen 80 default_server;
    	listen [::]:80 default_server;

    	# Redirect all HTTP requests to HTTPS 
    	return 301 https://$host$request_uri;
	}

	server {

		# force http to use https
		if ($scheme = http) {
            return 301 https://$server_name$request_uri;
		}

    	ssl_certificate     /somepath/nginxcerts/primacyofdirectexperience.com/fullchain.pem;
    	ssl_certificate_key /somepath/nginxcerts/primacyofdirectexperience.com/privkey.pem;

		listen 443 ssl http2;
		listen [::]:443 ssl http2;

		ssl_session_tickets on;

		ssl_protocols TLSv1.2;

		ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';

		ssl_prefer_server_ciphers On;

		add_header Strict-Transport-Security "max-age=31536000; preload; includeSubDomains";

		add_header X-Frame-Options "SAMEORIGIN" always;
		add_header X-Content-Type-Options "nosniff" always;
		add_header X-Xss-Protection "1";

		# Your favorite resolver may be used instead of the Google one below
		resolver 8.8.8.8;

		server_name  primacyofdirectexperience.com;

    	proxy_buffering off;
    	proxy_http_version 1.1;
    	proxy_read_timeout 600;
    	proxy_send_timeout 600;
    	proxy_set_header   Host              $host:$server_port;
    	proxy_set_header   Referer           $http_referer;
    	proxy_set_header   X-Real-IP         $remote_addr;
    	proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
    	proxy_set_header   X-Forwarded-Proto https;
    	proxy_set_header   Upgrade           $http_upgrade;
    	proxy_set_header   Connection        "upgrade";
    	proxy_set_header   X-Nginx-Proxy     true;
    	proxy_redirect     off;

    	location / {

			proxy_pass http://45.55.49.67:3000;
    	}
    }
}