cordova-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jörn Heid (JIRA) <>
Subject [jira] [Commented] (CB-11826) Ajax calls fails in WKWebView on self-signed servers
Date Sun, 18 Sep 2016 14:15:20 GMT


Jörn Heid commented on CB-11826:

Okay, more information. I made a new project using WKWebView and implemented the delegate

- (void)webView:(WKWebView *)webView didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge
*)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition,
NSURLCredential *credential))completionHandler {
  NSLog(@"Allow all");
  SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
  CFDataRef exceptions = SecTrustCopyExceptions (serverTrust);
  SecTrustSetExceptions (serverTrust, exceptions);
  CFRelease (exceptions);
  completionHandler (NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:serverTrust]);

It handles all loading of resources into the webview, including HTML files or JavaScript files
from self signed servers. But it does *NOT* handle AJAX calls with invalid certificates.

This means that the WKWebView only supports JSONP calls to self signed servers while the old
WebView can supports real AJAX calls.

> Ajax calls fails in WKWebView on self-signed servers 
> -----------------------------------------------------
>                 Key: CB-11826
>                 URL:
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Plugin WKWebViewEngine
>    Affects Versions: 3.5.0
>         Environment: iOS 9.3.2
>            Reporter: Jörn Heid
>            Assignee: Shazron Abdullah
> When using jQuery's Ajax, I get
> "Failed to load resource: The certificate for this server is invalid. You might be connecting
to a server that is pretending to be “xxx” which could put your confidential information
at risk."
> when checking the webview in Safari through USB.
> I tried to implement the didReceiveAuthenticationChallenge method in CDVWKWebViewEngine
but it doesn't seem to be called.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message