Jörn Heid commented on CB-11826:

Okay, more information. I made a new project using WKWebView and implemented 
the delegate method:

- (void)webView:(WKWebView *)webView 
didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge 
completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, 
NSURLCredential *credential))completionHandler {
  NSLog(@"Allow all");
  SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
  CFDataRef exceptions = SecTrustCopyExceptions (serverTrust);
  SecTrustSetExceptions (serverTrust, exceptions);
  CFRelease (exceptions);
  completionHandler (NSURLSessionAuthChallengeUseCredential, [NSURLCredential 

It handles all loading of resources into the webview, including HTML files or 
JavaScript files from self signed servers. But it does *NOT* handle AJAX calls 
with invalid certificates.

This means that the WKWebView only supports JSONP calls to self signed servers 
while the old WebView can supports real AJAX calls.

> Ajax calls fails in WKWebView on self-signed servers 
> -----------------------------------------------------
>                 Key: CB-11826
>                 URL: https://issues.apache.org/jira/browse/CB-11826
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Plugin WKWebViewEngine
>    Affects Versions: 3.5.0
>         Environment: iOS 9.3.2
>            Reporter: Jörn Heid
>            Assignee: Shazron Abdullah
> When using jQuery's Ajax, I get
> "Failed to load resource: The certificate for this server is invalid. You 
> might be connecting to a server that is pretending to be “xxx” which could 
> put your confidential information at risk."
> when checking the webview in Safari through USB.
> I tried to implement the didReceiveAuthenticationChallenge method in 
> CDVWKWebViewEngine but it doesn't seem to be called.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org

Reply via email to