I'm trying to build a Dart HTTP server and I want to test the API. I'm not able to set up the tests, though.
Here is what I have so far in my_server_test.dart:
import 'dart:io';
import 'package:my_server/my_server.dart';
import 'package:test/test.dart';
void main() {
HttpServer server;
setUp(() async {
final server = await createServer();
await handleRequests(server);
});
tearDown(() async {
await server.close(force: true);
server = null;
});
test('First try', () async {
final client = HttpClient();
final request = await client.get(InternetAddress.loopbackIPv4.host, 4040, '/');
final response = await request.close();
print(response);
});
}
And here is the server code in my_server.dart:
import 'dart:io';
import 'package:hundetgel_server/routes/handle_get.dart';
Future<HttpServer> createServer() async {
final address = InternetAddress.loopbackIPv4;
const port = 4040;
return await HttpServer.bind(address, port);
}
Future<void> handleRequests(HttpServer server) async {
await for (HttpRequest request in server) {
switch (request.method) {
case 'GET':
handleGet(request);
break;
default:
handleDefault(request);
}
}
}
void handleGet(HttpRequest request) {
request.response
..write('Hello')
..close();
}
void handleDefault(HttpRequest request) {
request.response
..statusCode = HttpStatus.methodNotAllowed
..write('Unsupported request: ${request.method}.')
..close();
}
When I run the test I just get a timeout:
TimeoutException after 0:00:30.000000: Test timed out after 30 seconds. See https://pub.dev/packages/test#timeouts
dart:isolate _RawReceivePortImpl._handleMessage
NoSuchMethodError: The method 'close' was called on null.
Receiver: null
Tried calling: close(force: true)
dart:core Object.noSuchMethod
2
main.<fn>
test/my_server_test.dart:15
===== asynchronous gap ===========================
dart:async _completeOnAsyncError
test/my_server_test.dart main.<fn>
test/my_server_test.dart:1
main.<fn>
test/my_server_test.dart:14
2
✖ First try
Exited (1)
How do I set up the server so I can start testing it?
It seems that you are await handleRequests in your setUp. Your handleRequests is a forever loop waiting for incoming requests. So it never halts. So you setup never finishes. That is the problem.
Thus, try to change
await handleRequests(server);
to
handleRequests(server); // NO await
Thus the handleRequests will run in the "background".
EDIT about the null exception of server variable:
change
final server = await createServer();
to
server = await createServer();
because the old code shadows the outside server variable - that variable is never assigned a value.
I'm going through the Dart server documentation. I see I can await for an HttpRequest like this:
import 'dart:io';
Future main() async {
var server = await HttpServer.bind(
InternetAddress.loopbackIPv4,
4040,
);
print('Listening on localhost:${server.port}');
await for (HttpRequest request in server) {
request.response.write('Hello, world!');
await request.response.close();
}
}
That's because HttpServer implements Stream. But since a stream can return either a value or an error, I should catch exceptions like this, right:
try {
await for (HttpRequest request in server) {
request.response.write('Hello, world!');
await request.response.close();
}
} catch (e) {
// ???
}
But I'm not sure what kind of exceptions can be caught. Do the exceptions arise from the request (and warrant a 400 level response) or from the server (and warrant a 500 level response)? Or both?
Error status codes
On exception, a BAD_REQUEST status code will be set:
} catch (e) {
// Try to send BAD_REQUEST response.
request.response.statusCode = HttpStatus.badRequest;
(see source)
That would be 400 (see badRequest).
Stream errors
In that same catch block, the exceptions will be rethrown, which means that you will still receive all the errors on your stream. This happens in processRequest, which processes all requests in bind.
And you get the errors on your stream because they are forwarded to the sink in bind.
Kinds of errors
I could only find a single explicit exception type:
if (disposition == null) {
throw const HttpException(
"Mime Multipart doesn't contain a Content-Disposition header value");
}
if (encoding != null &&
!_transparentEncodings.contains(encoding.value.toLowerCase())) {
// TODO(ajohnsen): Support BASE64, etc.
throw HttpException('Unsupported contentTransferEncoding: '
'${encoding.value}');
}
(see source)
These are both HttpExceptions.
I have this code:
void handle(HttpRequest request) async {
request.response.write('Hello');
await Future.delayed(Duration(seconds: 5));
request.response.close();
}
void main() {
var server = await HttpServer.bind(InternetAddress.loopbackIPv4, 8080);
server.listen(handle);
}
And that works properly, all the requests are processed in the same time, now I'm wondering why if I move the response.write after the Future, it can only processes only one request at time.
I can reproduce this only in Chromium browser, in Internet Explorer, Edge or CURL requests this doesn't happen.
void handle(HttpRequest request) async {
print('Request on ${Isolate.current.hashCode}');
await Future.delayed(Duration(seconds: 5));
request.response.write('Hello');
request.response.close();
}
Any info if there is a fix(leaving the response.write after the Future) or any explanation about why this is happening is welcome.
Modified your code like so:
void handle(HttpRequest request) async {
print('A');
await Future.delayed(Duration(seconds: 5));
print('B');
request.response.write('Hello');
print('C');
request.response.close();
}
2 tabs open in chrome, sending requests. One would expect to see A-A-B-C-B-C in console but in fact it's not so: A-B-C-A-B-C. #julemand101 pointed out, it has something to do with how Chrome handles connections/caches... Something under the hood. If you disable the cache in dev-tools, you get the result you expect. So it's unrelated to how Dart works and in fact a browser-related oddity.
I am sending a post request in Dart. It is giving a response when I test it on API testing tools such as Postman. But when I run the app. It gives me the following error:-
E/flutter ( 6264): HandshakeException: Handshake error in client (OS Error: E/flutter ( 6264): CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate(handshake.cc:363))
Here is my code of the function -
Future getAccessToken(String url) async {
try {
http.post('url',
body: {
"email": "xyz#xyz.example",
"password": "1234"
}).then((response) {
print("Reponse status : ${response.statusCode}");
print("Response body : ${response.body}");
var myresponse = jsonDecode(response.body);
String token = myresponse["token"];
});
} catch (e) {
print(e.toString());
}
Here's the full error body:
E/flutter ( 6264): [ERROR:flutter/shell/common/shell.cc(184)] Dart Error: Unhandled exception: E/flutter ( 6264): HandshakeException: Handshake error in client (OS Error: E/flutter ( 6264): CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate(handshake.cc:363)) E/flutter ( 6264): #0 IOClient.send (package:http/src/io_client.dart:33:23) E/flutter ( 6264): <asynchronous suspension> E/flutter ( 6264): #1 BaseClient._sendUnstreamed (package:http/src/base_client.dart:169:38) E/flutter ( 6264): <asynchronous suspension> E/flutter ( 6264): #2 BaseClient.post (package:http/src/base_client.dart:54:7) E/flutter ( 6264): #3 post.<anonymous closure> (package:http/http.dart:70:16) E/flutter ( 6264): #4 _withClient (package:http/http.dart:166:20) E/flutter ( 6264): <asynchronous suspension> E/flutter ( 6264): #5 post (package:http/http.dart:69:5) E/flutter ( 6264): #6
_MyLoginFormState.getAccessToken (package:chart/main.dart:74:7) E/flutter ( 6264): <asynchronous suspension> E/flutter ( 6264): #7
_MyLoginFormState.build.<anonymous closure> (package:chart/main.dart:64:29)
In order to enable this option globally in your project, here is what you need to do:
In your main.dart file, add or import the following class:
class MyHttpOverrides extends HttpOverrides{
#override
HttpClient createHttpClient(SecurityContext? context){
return super.createHttpClient(context)
..badCertificateCallback = (X509Certificate cert, String host, int port)=> true;
}
}
In your main function, add the following line after function definition:
HttpOverrides.global = MyHttpOverrides();
This comment was very helpful to pass through this matter, and please note that...
This should be used while in development mode, do NOT do this when you want to release to production, the aim of this answer is to
make the development a bit easier for you, for production, you need to fix your certificate issue and use it properly, look at the other answers for this as it might be helpful for your case.
Download cert from https://letsencrypt.org/certs/lets-encrypt-r3.pem
Add this file to assets/ca/ Flutter project root directory
Add assets/ca/ assets directory in pubspec.yaml
Add this code on your app initialization:
void main() async {
WidgetsFlutterBinding.ensureInitialized();
ByteData data = await PlatformAssetBundle().load('assets/ca/lets-encrypt-r3.pem');
SecurityContext.defaultContext.setTrustedCertificatesBytes(data.buffer.asUint8List());
runApp(MyApp());
}
It works with the default chain, so no changes are needed on the server.
Android < 7.1.1 clients will still have access in a browser context.
If you are using Dio library, just do this:
Dio dio = new Dio();
(dio.httpClientAdapter as DefaultHttpClientAdapter).onHttpClientCreate =
(HttpClient client) {
client.badCertificateCallback =
(X509Certificate cert, String host, int port) => true;
return client;
};
This Code work for me
class MyHttpOverrides extends HttpOverrides{
#override
HttpClient createHttpClient(SecurityContext context){
return super.createHttpClient(context)
..badCertificateCallback = (X509Certificate cert, String host, int port)=> true;
}
}
void main(){
HttpOverrides.global = new MyHttpOverrides();
runApp(MyApp());
}
I think it will the same for you...
Edit & Update Feb 2021: When this question was earlier asked there were not enough docs and developers to answer. The following answers may be more helpful than this one:
Ma'moon Al-Akash Answer, Pedro Massango's Answer & Ken's Answer
If you have not found the solution in these 3 answers, you can try the solution below.
Originally Answered Jan 2019:
The correct(but a bad) way to do it, as I found out, is to allow all certificates.
HttpClient client = new HttpClient();
client.badCertificateCallback = ((X509Certificate cert, String host, int port) => true);
String url ='xyz#xyz.example';
Map map = {
"email" : "email" ,
"password" : "password"
};
HttpClientRequest request = await client.postUrl(Uri.parse(url));
request.headers.set('content-type', 'application/json');
request.add(utf8.encode(json.encode(map)));
HttpClientResponse response = await request.close();
String reply = await response.transform(utf8.decoder).join();
print(reply);
The best approach (I think so) is to allow certificate for trusted hosts, so if your API host is "api.my_app" you can allow certificates from this host only:
HttpClient client = new HttpClient();
client.badCertificateCallback = ((X509Certificate cert, String host, int port) {
final isValidHost = host == "api.my_app";
// Allowing multiple hosts
// final isValidHost = host == "api.my_app" || host == "my_second_host";
return isValidHost;
});
If you have more hosts you can just add a new check there.
import 'package:http/io_client.dart';
import 'dart:io';
import 'package:http/http.dart';
import 'dart:async';
import 'dart:convert';
Future getAccessToken(String url) async {
try {
final ioc = new HttpClient();
ioc.badCertificateCallback =
(X509Certificate cert, String host, int port) => true;
final http = new IOClient(ioc);
http.post('url', body: {"email": "xyz#xyz.example", "password": "1234"}).then(
(response) {
print("Reponse status : ${response.statusCode}");
print("Response body : ${response.body}");
var myresponse = jsonDecode(response.body);
String token = myresponse["token"];
});
} catch (e) {
print(e.toString());
}
}
Check the device date and time in device settings. The device date and time is set to previous date.
This is for http library method. here is what you need to do in order to enable this option globally in your project.
class MyHttpoverrides extends HttpOverrides{
#override
HttpClient createHttpClient(SecurityContext context){
return super.createHttpClient(context)
..badCertificateCallback = (X509Certificate cert, String host, int port)=>true;
}
}
//void main() => runApp(MyApp());
void main(){
HttpOverrides.global=new MyHttpoverrides();
runApp(MyApp());
}
for more details:https://fluttercorner.com/certificate-verify-failed-unable-to-get-local-issuer-certificate-in-flutter/
This issue happened to us as we are not using the fullchain.pem generated using let's encrypt on nginx. Once changed that it fixes this issue.
server {
listen 443 ssl;
ssl_certificate /var/www/letsencrypt/fullchain.pem;
For Apache, you might need to configure SSLCertificateChainFile. More discussion about the issue https://github.com/flutter/flutter/issues/50699
Using Dio package for request on my local server with self signed certificat, i prefer to allow a specific host rather than all domains.
//import 'package:get/get.dart' hide Response; //<-- if you use get package
import 'package:dio/dio.dart';
void main(){
HttpOverrides.global = new MyHttpOverrides();
runApp(MyApp());
}
class MyHttpOverrides extends HttpOverrides{
#override
HttpClient createHttpClient(SecurityContext context){
return super.createHttpClient(context)
..badCertificateCallback = ((X509Certificate cert, String host, int port) {
final isValidHost = ["192.168.1.67"].contains(host); // <-- allow only hosts in array
return isValidHost;
});
}
}
// more example: https://github.com/flutterchina/dio/tree/master/example
void getHttp() async {
Dio dio = new Dio();
Response response;
response = await dio.get("https://192.168.1.67");
print(response.data);
}
For those who need to ignore certificate errors only for certain calls, you could use the HttpOverrides solution already mentioned by numerous answers.
However, there is no need to use it globally. You can use it only for certain calls that you know experience handshake errors by wrapping the call in HttpOverrides.runWithHttpOverrides().
class IgnoreCertificateErrorOverrides extends HttpOverrides{
#override
HttpClient createHttpClient(SecurityContext context){
return super.createHttpClient(context)
..badCertificateCallback = ((X509Certificate cert, String host, int port) {
return true;
});
}
}
Future<void> myNonSecurityCriticalApiCall() async {
await HttpOverrides.runWithHttpOverrides(() async {
String url = 'https://api.example.com/non/security/critical/service';
Response response = await get(url);
// ... do something with the response ...
}, IgnoreCertificateErrorOverrides());
}
In my case it is an external API which does have a valid SSL certificate and works in the browser but for some reason won't work in my Flutter app.
Well, I figured out that the actual root of the problem was out-of-sync time on my test device...
For me, it was because I am using HTTPS and the API uses HTTP so I just changed it to HTTP and it works.
For everyone landing here with a need to solve the problem and not just bypass it allowing everything.
For me the problem solved on the server side (as it should be) with no change in the code. Everything is valid now. On all the other solutions the problem still exists (eg The Postman runs but it displays a configuration error on the globe next to response status)
The configuration is Centos/Apache/LetsEncrypt/Python3.8/Django3.1.5/Mod_wsgi/ but I guess that the solution is valid for most installations of Apache/LetsEncrypt
The steps to resolve are
Locate the line "SSLCACertificateFile" on the Virtual Host you wish to config. For example:
SSLCACertificateFile /etc/httpd/conf/ssl.crt/my_ca.crt
Download
https://letsencrypt.org/certs/lets-encrypt-r3-cross-signed.txt
At the end of /etc/httpd/conf/ssl.crt/my_ca.crt (after the -----END CERTIFICATE-----) start a new line and paste from lets-encrypt-r3-cross-signed.txt everything bellow -----BEGIN CERTIFICATE----- (including -----BEGIN CERTIFICATE-----)
Save /etc/httpd/conf/ssl.crt/my_ca.crt
Restart Apache httpd
References:
https://access.redhat.com/solutions/43575
https://letsencrypt.org/certs
Also you can check the validity of your cert in https://www.digicert.com/help/.
For me, it was the problem with the android emulator.
I just created a new android emulator that fixed my problem.
Actually in my case I fixed it after updating the date and time on my pc. Might help someone I guess
I specifically needed to use lib/client.dart Client interface for http calls (i.e. http.Client instead of HttpClient) . This was required by ChopperClient (link).
So I could not pass HttpClient from lib/_http/http.dart directly to Chopper.
ChopperClient can receive HttpClient in the constructor wrapped in ioclient.IOClient.
HttpClient webHttpClient = new HttpClient();
webHttpClient.badCertificateCallback = ((X509Certificate cert, String host, int port) => true);
dynamic ioClient = new ioclient.IOClient(webHttpClient);
final chopper = ChopperClient(
baseUrl: "https://example.com",
client: ioClient,
services: [
MfService.create()
],
converter: JsonConverter(),
);
final mfService = MfService.create(chopper);
This way you can temporarily ignore CERTIFICATE_VERIFY_FAILED error in your calls. Remember - that's only for development purposes. Don't use this in production environment!
Update on January 30, 2021:
I know the reason, because nginx is configured with some encryption algorithms that flutter does not support! , The specific need to try.
Use tls 1.3 request URL, no problem.
Example
import 'dart:io';
main() async {
HttpClient client = new HttpClient();
// tls 1.2 error
// var request = await client.getUrl(Uri.parse('https://shop.io.mi-img.com/app/shop/img?id=shop_88f929c5731967cbc8339cfae1f5f0ec.jpeg'));
// tls 1.3 normal
var request = await client.getUrl(Uri.parse('https://ae01.alicdn.com/kf/Ud7cd28ffdf6e475c8dc382380d5d1976o.jpg'));
var response = await request.close();
print(response.headers);
client.close(force: true);
}
This Solution is finally worked. Thanks to Milad
final ioc = new HttpClient();
ioc.badCertificateCallback =
(X509Certificate cert, String host, int port) => true;
final http = new IOClient(ioc);
http.post(); //Your Get or Post Request
I fixed the issue by generating the full_chain.crt file.
You might have received the your_domain.crt file and your_domain.ca-bundle file. Now what you have to do is combine the crt file and ca-bundle file to generate the crt file.
cat domain.crt domain.ca-bundle >> your_domain_full_chain.crt
Then you just need to put the your_domain_full_chain.crt file in the nginx and it will start working properly.
In my case I needed to remake my backend's ssl certs. I had generated the certs using mkcert and just had to make new ones.
Note: If this error occurs other than trying to connect to a local SSL please fix it correctly and don't just use badCertificateCallback = (cert, host, port) => true as it is a security risk!
But.. if you run into this issue because you want to connect to a local back-end running a self signed certificate you could do the following.
You can use this client to connect to sources other then you local back-end.
class AppHttpClient {
AppHttpClient({
Dio? client,
}) : client = client ?? Dio() {
if (kDebugMode) {
// this.client.interceptors.add(PrettyDioLogger());
}
}
final Dio client;
}
You can use this client to connect to your local back-end. Make sure you set the --dart-define FLAVOR=development flag when running your app.
class InternalApiHttpClient extends AppHttpClient {
ApiHttpClient({
super.client,
required this.baseUrl,
}) {
_allowBadDevelopmentCertificate();
}
void _allowBadDevelopmentCertificate() {
const flavor = String.fromEnvironment('FLAVOR');
if (flavor == 'development') {
final httpClientAdapter =
super.client.httpClientAdapter as DefaultHttpClientAdapter;
httpClientAdapter.onHttpClientCreate = (client) {
return client..badCertificateCallback = (cert, host, port) => true;
};
}
}
final Uri baseUrl;
}
Doing it this way only suppresses the certificate message when you are on your development environment only when connecting to your local API. Any other requests stay untouched and if failing should be solved in a different way.
If you're using the emulator. So ensure that your date and time are right. Because in my case I found that issue.
If you use Android Emulator I've found out that this occurs when there is no internet connection. Check that your emulator has a network connection!