Android app Sign in ▾ UI widget fails to appear using https yet OK using http


#1

There is a Cordova issue when trying to deploy onto Android which I have tracked down and can now see same issue in the default Meteor example app :

          https://github.com/meteor/simple-todos

When deployed using https through nginx the Account sign-in widget
which should appear on the initial screen (see screenshot below)

          Sign in ▾ 

fails to appear on Android yet appears and works OK on desktop browser
… without https although still using nginx it is OK on Android and elsewhere.

This issue is causing our app to just hang on Android using https showing a blank white screen saying

          Loading...

and never reaching our initial login screen … our iOS app and any desktop browser is OK using https … its just Android which is failing

Has anyone seen this issue ?

here is browser with https using nginx with Sign in widget inside RED circle
https://drive.google.com/file/d/0BwsqAY439yBDLWo3MmZpLVF6b1U/view?usp=sharing

here is Android with https using nginx Notice missing Sign in widget
https://drive.google.com/file/d/0BwsqAY439yBDZVM1dkhPcmhhTWc/view?usp=sharing

here is Android with http using nginx Notice it correctly has Sign in widget
https://drive.google.com/file/d/0BwsqAY439yBDVlFTR0dWVGVHTDg/view?usp=sharing

I am leaning toward believing its a Meteor / Cordova issue since my app is fine using iOS … in any case here is my nginx config using https

worker_processes  1;

error_log  /var/log/nginx/error.log info;

events {
    worker_connections  1024;
}

http {

    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

	server {

    	listen 80 default_server;
    	listen [::]:80 default_server;

    	# Redirect all HTTP requests to HTTPS 
    	return 301 https://$host$request_uri;
	}

	server {

		# force http to use https
		if ($scheme = http) {
            return 301 https://$server_name$request_uri;
		}

    	ssl_certificate     /somepath/nginxcerts/primacyofdirectexperience.com/fullchain.pem;
    	ssl_certificate_key /somepath/nginxcerts/primacyofdirectexperience.com/privkey.pem;

		listen 443 ssl http2;
		listen [::]:443 ssl http2;

		ssl_session_tickets on;

		ssl_protocols TLSv1.2;

		ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';

		ssl_prefer_server_ciphers On;

		add_header Strict-Transport-Security "max-age=31536000; preload; includeSubDomains";

		add_header X-Frame-Options "SAMEORIGIN" always;
		add_header X-Content-Type-Options "nosniff" always;
		add_header X-Xss-Protection "1";

		# Your favorite resolver may be used instead of the Google one below
		resolver 8.8.8.8;

		server_name  primacyofdirectexperience.com;

    	proxy_buffering off;
    	proxy_http_version 1.1;
    	proxy_read_timeout 600;
    	proxy_send_timeout 600;
    	proxy_set_header   Host              $host:$server_port;
    	proxy_set_header   Referer           $http_referer;
    	proxy_set_header   X-Real-IP         $remote_addr;
    	proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
    	proxy_set_header   X-Forwarded-Proto https;
    	proxy_set_header   Upgrade           $http_upgrade;
    	proxy_set_header   Connection        "upgrade";
    	proxy_set_header   X-Nginx-Proxy     true;
    	proxy_redirect     off;

    	location / {

			proxy_pass http://45.55.49.67:3000;
    	}
    }
}