Hello,
We are experiencing a behavior change with WKWebView related to upgradeKnownHostsToHTTPS.
In our current application, we explicitly disable automatic HTTPS upgrades:

    let config = WKWebViewConfiguration()
    config.upgradeKnownHostsToHTTPS = false

Observed behavior
- iOS 17.5 (built with Xcode 15.3)
  http:// image URLs are not automatically upgraded to https://, and the behavior works as expected.
- iOS 18.5 / 18.6.x (built with Xcode 16.4)
  http:// image URLs appear to be automatically upgraded to https:// by WebKit, even when upgradeKnownHostsToHTTPS is explicitly set to false.
This behavior occurs for subresource requests such as <img src="http://..."> inside a WKWebView.
Question
- Has the behavior of upgradeKnownHostsToHTTPS changed in iOS 18 / Xcode 16?
- Is this property now ignored for certain types of subresource requests (e.g. images), or overridden by new WebKit security policies such as mixed-content HTTPS upgrades?
Any clarification or official guidance would be greatly appreciated!