Bug 140412

Summary: WKWebView should provide an API to allow canceling requests based on SSL certificates information before cookies are sent to the server.
Product: WebKit Reporter: Eugene But <eugenebut>
Component: WebKit2Assignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: benjamin, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: iPhone / iPad   
OS: All   

Description Eugene But 2015-01-13 14:14:50 PST 
This API is necessary if host app wants to implement certificate blacklisting feature.
webView:didReceiveAuthenticationChallenge:completionHandler: is not suitable for that.
It provides all required information but it's called after the cookies were sent to the server and if host app believes that certificate is compromised it's too late to cancel the request as cookies were gone.
Comment 1 Eugene But 2015-01-13 14:26:31 PST 
Also reported to Apple Radar: rdar://19462148
Comment 2 Benjamin Poulain 2015-06-15 12:33:47 PDT 
(In reply to comment #1)
> Also reported to Apple Radar: rdar://19462148

The radar does not match this bug report.
Comment 3 Radar WebKit Bug Importer 2015-06-15 12:34:04 PDT 
<rdar://problem/21387703>