NSPinnedDomains in WKWebView

Hi,

I implemented the NSPinnedDomains according to https://developer.apple.com/news/?id=g9ejcf8y "Identity Pinning: How to configure server certificates for your app".

This is my config (I added a wrong SHA256 hash so I can test if it works):
Code Block 
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSPinnedDomains</key>
    <dict>
        <key>jsonplaceholder.typicode.com</key>
        <dict>
            <key>NSPinnedCAIdentities</key>
            <array>
                <dict>
                    <key>SPKI-SHA256-BASE64</key>
                    <string>r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=</string>
                </dict>
            </array>
            <key>NSIncludesSubdomains</key>
            <true/>
        </dict>
    </dict>
</dict>

With NSURLSessions it properly fails when I try to load 
Code Block 
https://jsonplaceholder.typicode.com/todos/2

it prints following error:
Code Block 
An SSL error has occurred and a secure connection to the server cannot be made


But when I try to load the URL from JavaScript in WKWebView, it succeeds.
Is WKWebView not supported? Or am I doing something wrong?

Thanks and kind regards,
Mika

Objc code:
Code Block 
NSString *urlString = @"https://jsonplaceholder.typicode.com/todos/2";
NSURL *url = [NSURL URLWithString:urlString];
NSURLSessionDataTask *downloadTask = [[NSURLSession sharedSession]
  dataTaskWithURL:url completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
}];
[downloadTask resume];


Web code (can be included in any html page inside WKWebView):
Code Block 
<script>
document.addEventListener("DOMContentLoaded", () => {
 fetch("https://jsonplaceholder.typicode.com/todos/2")
  .then(res => res.json())
  .then(res => console.log(res));
});
</script>

Post not yet marked as solved Up vote post of Cybertron1 Down vote post of Cybertron1
1.9k views
Posted by
Cybertron1
Reply
Add a Comment

Replies

Is WKWebView not supported?

Great question. I would open a bug report here for this and please respond back with the Feedback ID.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Posted by
meaton
Up vote reply of meaton Down vote reply of meaton
Add a Comment
Hi Matt,
here you go FB9078254
I hope it is good (is my first Feedback)
Mika
Posted by
Cybertron1
Up vote reply of Cybertron1 Down vote reply of Cybertron1
Add a Comment
Thank you. I see your bug internally and have copied myself on it for more information.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Posted by
meaton
Up vote reply of meaton Down vote reply of meaton
Add a Comment
I can also confirm I am experiencing this bug and have created a sample project that replicates it. Bug is logged at https://feedbackassistant.apple.com/feedback/9119000.


Posted by
SuperMegaRich
Up vote reply of SuperMegaRich Down vote reply of SuperMegaRich
Add a Comment

Thank you for opening this bug report. I have copied myself on it internally and have made reference to the previous bug report on this thread as being related.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Posted by
meaton
Up vote reply of meaton Down vote reply of meaton

  • Hello, Does this issue solved? I am facing this issue and it does not work with WKWebView. Any suggestion would be greatly appreciated... thanks i advance

    dfgdfg678
Add a Comment

I have made some progress on this front. I've posted updates about this topic over on this thread.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Posted by
meaton
Up vote reply of meaton Down vote reply of meaton
Add a Comment