Hi Mathias,

With this feature, we don't need to do anything on the device to be able to 
access web resources hosted on a server that uses self-signed certificates.
As I said in a previous message, making the device accept or not untrusted 
certificates is controlled by a preference in the config.xml file. Then, the 
corresponding Objective-C code controlled by the preference intercepts the 
HTTPS request right when iOS evaluates the certificate and dynamically adds an 
exception so that all certificates get accepted.
We configure this preference at build time so that our development versions can 
accept the self-signed certificates used by our developers' local VMs, and it's 
disabled for our production builds.
It's basically working the same way as this Oracle plugin: 
https://github.com/oracle/cordova-plugin-wkwebview-file-xhr#configuration
However, when I tried to use the Oracle plugin for our app, I never managed to 
make it work properly, so I ended up adding the same mechanics to 
cordova-plugin-wkwebview-engine so that it could accept all certificates as 
well.

Cheers,
Julien
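
The build-time gating described in the message above can be enforced with a check on the generated config.xml before a release build is signed. This is an added example, not part of the original message and not code from the fork or from either plugin. The preference name `AllowUntrustedCerts`, the set of values treated as enabled, and the sample config.xml documents are assumptions, since the thread does not name the fork's preference.

```python
import xml.etree.ElementTree as ET

# Assumed preference name; the thread does not say what the fork calls it.
PREF_NAME = "AllowUntrustedCerts"
# Values treated as "enabled" (assumption, deliberately broad).
TRUTHY = {"on", "true", "yes", "1"}

# Constructed sample inputs, not taken from any real project.
DEV_CONFIG = """<widget xmlns="http://www.w3.org/ns/widgets" id="com.example.app">
  <preference name="Orientation" value="portrait" />
  <platform name="ios">
    <preference name="AllowUntrustedCerts" value="on" />
  </platform>
</widget>"""

RELEASE_CONFIG = """<widget xmlns="http://www.w3.org/ns/widgets" id="com.example.app">
  <platform name="ios">
    <preference name="AllowUntrustedCerts" value="off" />
  </platform>
</widget>"""


def untrusted_cert_findings(config_xml, pref_name=PREF_NAME):
    """Return (scope, value) for every place the preference is enabled."""
    findings = []

    def scan(parent, scope):
        for child in parent:
            tag = child.tag.rsplit("}", 1)[-1]  # drop the XML namespace
            if tag == "preference":
                name = child.get("name", "")
                value = child.get("value", "").strip().lower()
                # Compare names case-insensitively to stay conservative.
                if name.lower() == pref_name.lower() and value in TRUTHY:
                    findings.append((scope, value))
            elif tag == "platform":
                # Preferences can also be set per platform.
                scan(child, "platform:" + child.get("name", "?"))

    scan(ET.fromstring(config_xml), "global")
    return findings


def release_gate(config_xml, is_release):
    """True if the build may proceed; release builds must have no findings."""
    return not (is_release and untrusted_cert_findings(config_xml))


if __name__ == "__main__":
    print("dev build allowed:", release_gate(DEV_CONFIG, is_release=False))
    print("release with dev config allowed:", release_gate(DEV_CONFIG, is_release=True))
```
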

-----Original Message-----
From: Scheffe, Mathias <mathias.sche...@accenture.com.INVALID> 
Sent: December 22, 2020 1:47 AM
To: dev@cordova.apache.org
Subject: Re: Hello Cordova team

Hi,

@Julien: Can you detail your feature a bit more?
We are also using self-signed certificates for testing. We are working with the 
Cordova standard and install our self-signed certificate on the testing iOS 
devices as trusted root certificate. Then everything works out of the box. 
Which additional features does your extension bring?

Kind regards,
Mathias

From: Julien Lamure <julien.lam...@nexjhealth.com>
Date: Saturday, 19. December 2020 at 00:21
To: dev@cordova.apache.org <dev@cordova.apache.org>
Subject: [External] RE: Hello Cordova team

Hi Norman,

You're right, it would totally make sense to have this directly built in 
cordova-ios@6.
I had to add this feature to cordova-plugin-wkwebview-engine because we're 
using Monaca to build our app and cordova-ios@5.1.1 is the most recent version 
they give us access to for the moment.
And I totally agree that allowing self-signed certificates is a big no-go for 
release builds, our automated build processes make sure it's only available for 
developer builds (accepting or refusing self-signed certificates is controlled 
by a preference in the config.xml file).
I'm going to see if I can figure out how to incorporate it into cordova-ios@6 
then, but maybe I can still also create the pull request for 
cordova-plugin-wkwebview-engine so that other Monaca customers like us can use 
it while waiting for getting access to cordova-ios@6.

Cheers,
Julien

-----Original Message-----
From: Norman Breau <nor...@nbsolutions.ca>
Sent: December 18, 2020 5:49 PM
To: dev@cordova.apache.org
Cc: dev@cordova.apache.org
Subject: Re: Hello Cordova team

Hi Julien,

Ability to accept self-signed certificates for development builds sounds like a 
neat enhancement and I personally would give my thumbs up for this kind of 
feature. I would be hesitant to allow self-signed certificates for release 
builds. I'm wondering if this could be adapted to either an independent plugin 
or be incorporated into cordova-ios package. The 
cordova-plugin-wkwebview-engine package while not officially declared 
deprecated... will become obsolete soon given that it's only supported for 
cordova-ios <= 5.x. It's pending a formal vote and I think one last release for 
official deprecation. As of
cordova-ios@6 WKWebView is built into the core platform and UIWebView is 
physically removed from the codebase.

So if this could be adapted to support cordova-ios@6, I think that would be 
better in the long term.

Kind regards,
Norman

On Dec 18 2020, at 6:21 pm, Julien Lamure <julien.lam...@nexjhealth.com> wrote:
> Hello everyone,
>
> I'm a senior DevOps engineer and team lead at NexJ Health, greetings from 
> Toronto, Canada.
> We're a provider of cloud-based population health management solutions and 
> our platform can also be accessed from a Cordova-based mobile app available 
> for Android and iOS.
> I've been recently working on the migration to the WKWebView engine for iOS, 
> and I made a fork of cordova-plugin-wkwebview-engine that adds the ability to 
> accept self-signed certificates.
> I'm not an iOS developer, it was the first time I was touching some 
> Objective-C code, but my patch is vastly inspired from what was done in 
> Oracle's cordova-plugin-wkwebview-file-xhr.
> We needed this feature because our developers test our mobile app along with 
> a server instance hosted on their workstation, and this local instance uses 
> self-signed certificates.
>
> I was thinking of creating a pull request on the official 
> cordova-plugin-wkwebview-engine to share this feature with the community 
> since I could see a lot of people asking how to do it, please let me know if 
> it's something that you would like me to do so.
> Our fork is currently in one of our private repositories.
>
> Cheers
> Julien
>
