cordova-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jörn Heid (JIRA) <j...@apache.org>
Subject [jira] [Commented] (CB-11826) Ajax calls fails in WKWebView on self-signed servers
Date Sun, 18 Sep 2016 14:15:20 GMT

    [ https://issues.apache.org/jira/browse/CB-11826?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15501044#comment-15501044
] 

Jörn Heid commented on CB-11826:
--------------------------------

Okay, more information. I made a new project using WKWebView and implemented the delegate
method:

{code}
- (void)webView:(WKWebView *)webView didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge
*)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition,
NSURLCredential *credential))completionHandler {
  NSLog(@"Allow all");
  SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
  CFDataRef exceptions = SecTrustCopyExceptions (serverTrust);
  SecTrustSetExceptions (serverTrust, exceptions);
  CFRelease (exceptions);
  completionHandler (NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:serverTrust]);
  }
{code}

It handles all loading of resources into the webview, including HTML files or JavaScript files
from self signed servers. But it does *NOT* handle AJAX calls with invalid certificates.

This means that the WKWebView only supports JSONP calls to self signed servers while the old
WebView can supports real AJAX calls.

> Ajax calls fails in WKWebView on self-signed servers 
> -----------------------------------------------------
>
>                 Key: CB-11826
>                 URL: https://issues.apache.org/jira/browse/CB-11826
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Plugin WKWebViewEngine
>    Affects Versions: 3.5.0
>         Environment: iOS 9.3.2
>            Reporter: Jörn Heid
>            Assignee: Shazron Abdullah
>
> When using jQuery's Ajax, I get
> "Failed to load resource: The certificate for this server is invalid. You might be connecting
to a server that is pretending to be “xxx” which could put your confidential information
at risk."
> when checking the webview in Safari through USB.
> I tried to implement the didReceiveAuthenticationChallenge method in CDVWKWebViewEngine
but it doesn't seem to be called.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org


Mime
View raw message