In my application, I need to load the html5 code downloaded to the local computer through the https server embedded in the application. These local html5 codes are small programs developed by some front-end developers. My https server will only load these small programs locally, so I use a self-signed certificate. The code to access the small program is like this: "https://localhost:12345/MiniAppA", ""https://localhost:12345/MiniAppB". ,My applet container will use different certificate verification rules based on the domain name. I want to know if this technical form will be rejected by AppStore reviewers?
- (void)webView:(WKWebView *)webView didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential * _Nullable credential))completionHandler {
if ([challenge.protectionSpace.host isEqualToString:@"localhost"]) {
NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
} else {
completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
}
}
I don’t work for App Review and can’t give definitive answers on there behalf. However, I’ve seen plenty of apps in the App Store that disable HTTPS server trust evaluation. Indeed, we offer some guidance on this front, in the Provide Justification for Exceptions section of Preventing Insecure Network Connections.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"