Hello All,
I have a app which has a WKWebview loading some code from a remote origin - https://my-company.example.com
When WKWebview loads remote origin, that page does load some of the sub-resources from in-app localhost server (GCDWebserver), i.e. reach out to a loopback based in-app GCDWebserver, now to provide a secure context I had an existing setup with self signed cert, CORS and everything needed for https on localhost. And the sub-resources used to load fine from https localhost till 26.4
Starting with iOS 26.4 it started breaking with TLSv1_ALERT_UNKNOWN_CA Is there any known guidance for this? Technically as per w3c spec, localhost is considered secure context by default right? and no special things need to be done. But ios/Webkit seem to be different in this regard. Is this a known issue, and is there any mitigation here?
I'll try to provide a sample app soon if possible.