[
https://issues.apache.org/jira/browse/CB-6693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14004026#comment-14004026
]
Marcel Kinard commented on CB-6693:
-----------------------------------
Although I freely admit it would be a hack and not "true cert pinning", one
idea I've been kicking around for the default webview on Android would be a JS
API to "check the server's cert now". So it would be
it-only-gets-checked-at-specific-times instead of checked-on-every-connection.
It might be enough of an approximation to be good enough with disclaimers. It
seems a shame for lack-of-support on Android to prevent us from doing it right
on iOS. But yeah, if third-party webviews have the ability to do it right, it
should be done.
> Investigate Certificate Pinning for Third-Party WebViews
> --------------------------------------------------------
>
> Key: CB-6693
> URL: https://issues.apache.org/jira/browse/CB-6693
> Project: Apache Cordova
> Issue Type: Sub-task
> Components: Android
> Reporter: Joe Bowser
> Fix For: 4.0.0
>
>
--
This message was sent by Atlassian JIRA
(v6.2#6252)
