WeChat small program network

Internet

When using web-related APIs in small programs/games, you need to be aware of the following issues, please let the developer know in advance.

1. Server domain name configuration

Each WeChat program needs to set up the communication domain name in advance, the small program can only communicate with the specified domain name network. Includes normal HTTPS requests (wx.request), upload files (wx.uploadFile), download files (wx.downloadFile), and WebSocket communication (wx.connectSocket).

Starting with the base library 2.4.0, the network interface allows communication with the LOCALS IP, but be aware that does not allow communication with the local IP.

Starting at 2.7.0, UDP communication (wx.createUDPSocket) is available.

Configure the process

Server domain name please configure in "Small program background-development-development settings-server domain name", when configuring need to be aware of:

• Domain names only support https (wx.request, wx.uploadFile, wx.downloadFile) and wx.connectSocket protocols;
• Domain names cannot use IP addresses (except local area network IP for small programs) or localhost;
• Ports, such as https://myserver.com:8080, can be configured to https://myserver.com:8080 only. If you request a URL https://myserver.com, https://myserver.com:9091, and so on, it fails.
• If the port is not configured. I f https://myserver.com, the requested URL cannot contain ports, not even the default 443 ports. If a request https://myserver.com:443 fails, it will fail.
• The domain name must be filed with ICP;
• For security reasons, api.weixin.qq.com cannot be configured as a server domain name, and the associated API cannot be called within a small program. Developers should save AppSecret to the back server, obtain the data from the server using the getAccessToken interface access_token, and call the relevant API;
• For each interface, you can configure up to 20 domain names each.

2. Network request

Time-out time

• The default timeout time and the maximum timeout are 60s;
• Timeouts can be configured via networktimeout in app.json or game.json.

Restrictions on use

• The referer header requested by the network cannot be set. Its format is fixed to https://servicewechat.com/(appid)/version/page-frame.html, where the appid is the appid of the applet, the version number is the version number of the applet, the version number is 0 for the development version, the experience version and the audit version, the version number is devtools for the developer tool, the rest is the official version;
• The maximum number of constraints for wx.request, wx.uploadFile, wx.downloadFile is 10;
• The maximum canoned limit for wx.connectSocket is 5.
• When a small program enters a background run, if the network request within 5s does not end, the error message failsinterrupted is called;

Returns the value code

• It is recommended that the server return value be encoded using UTF-8. For non-UTF-8 encoding, the small program attempts to convert, but there is a possibility that the conversion will fail.
• The small program automatically filters the BOM head (only one BOM head).

Callback function

• As long as the server returns successfully, the success callback is entered regardless of the statusCode. Ask the developer to judge the return value based on the business logic.

3. Frequently asked questions

HTTPS certificate

The widget must use HTTPS/WSS to initiate a network request. T he HTTPS certificate used by the server domain name is verified at the time of the request, and if the validation fails, the request cannot be successfully initiated. D ue to system limitations, different platforms have different degrees of rigness to certificate requirements. To ensure the compatibility of small programs, it is recommended that developers configure certificates to the highest standards and use the relevant tools to check that existing certificates meet the requirements.

The certificate requirements are as follows:

• HTTPS certificates must be valid; certificates must be trusted by the system, i.e. the domain name of the website where the root certificate is built into the system to deploy the SSL certificate must be consistent with the domain name issued by the certificate The certificate's chain of trust must be complete (server configuration required)
• iOS does not support self-signed certificates;
• Certificates under iOS must meet Apple App Transport Security (ATS);
• TLS must support versions 1.2 and above. Some older Android models do not yet support TLS 1.2, make sure that the TLS version of the HTTPS server supports version 1.2 and below;
• Some CAs may not be trusted by the operating system, so ask developers to be aware of small programs and system-related advertisements when selecting certificates.
  • Chrome 56/57 Kernel limits WoSign, StartCom certificates

Certificate validity can be verified using the opensl s_client -connect example.com:443 command, or you can use other online tools.

In addition to the network request API, other HTTPS requests in the small program are checked as follows if an exception occurs. Such as https pictures can not load, audio and video can not play, etc.

Skip the domain name check

In weChat developer tools, you can temporarily turn on the option of requesting domain names, TLS versions, and HTTPS certificates without verification in the development environment, skipping the verification of server domain names. At this point, the server domain name is not verified in WeChat developer tools and when the phone turns on debugging mode.

After a successful server domain name configuration, it is recommended that developers turn off this option for development and test it under each platform to confirm that the server domain name configuration is correct.

If you see the phenomenon of "On debug mode can make a request, turn off debug mode can make a request" on your phone, confirm that the domain name verification has been skipped and that the server domain name and certificate configuration are correct.

LAN communication

Base Library 2.4.0 provides a range of mDNS APIs, such as wx.startLocalServiceDiscovery, that can be used to obtain IP for devices that provide mDNS services within a local area network. The url parameter of wx.request/wx.connectSocket/wx.uploadFile/wx.downloadFile is allowed to be in the format of $?IP:$?PORT/$?PATH, and the request/connection is successful only if the IP is in the same segment as the mobile IP and is not the same as the local IP (generally speaking, the same local area network, such as a connection under the same wifi).

In this case, the verification of the security domain is not performed, and https/wss are not required, or they can be used.

wx.request({
  url: 'http://10.9.176.40:828'
  // 省略其他参数
})

wx.connectSocket({
  url: 'ws://10.9.176.42:828'
  // 省略其他参数
})

The base library 2.7.0 starts with the wx.createUDPSocket interface for UDP communication. The communication rules are the same and only non-local IP under the same LAN is allowed.

mDNS

Currently, the program only supports obtaining IP from other devices within the LAN through the mDNS protocol. The implementation of the mDNS API on iOS is based on Bonjour, while on Android it is based on the Android system interface.

serviceType

The interface that initiated the mDNS service search wx.startLocalServiceDiscovery has a serviceType parameter that specifies the type of service to search for.

ServiceType format and specification, iOS Bonjour Overview is mentioned in Bonjour Names for Existing Service Types.

Android documentation also mentions this.