Bug 140412
| Summary: | WKWebView should provide an API to allow canceling requests based on SSL certificates information before cookies are sent to the server. | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Eugene But <eugenebut> |
| Component: | WebKit2 | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | benjamin, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | 528+ (Nightly build) | ||
| Hardware: | iPhone / iPad | ||
| OS: | All | ||
Eugene But
This API is necessary if host app wants to implement certificate blacklisting feature.
webView:didReceiveAuthenticationChallenge:completionHandler: is not suitable for that.
It provides all required information but it's called after the cookies were sent to the server and if host app believes that certificate is compromised it's too late to cancel the request as cookies were gone.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Eugene But
Also reported to Apple Radar: rdar://19462148
Benjamin Poulain
(In reply to comment #1)
> Also reported to Apple Radar: rdar://19462148
The radar does not match this bug report.
Radar WebKit Bug Importer
<rdar://problem/21387703>