Summary: | [OSX, iOS] Need delegate API to modify requests before dispatching | ||
---|---|---|---|
Product: | WebKit | Reporter: | Leo Natan <leo.natan> |
Component: | WebKit2 | Assignee: | Nobody <webkit-unassigned> |
Status: | NEW --- | ||
Severity: | Blocker | CC: | andersca, beidson, leo.natan, mihaip, mjs, sam |
Priority: | P2 | ||
Version: | Other | ||
Hardware: | iPhone / iPad | ||
OS: | All | ||
See Also: | https://bugs.webkit.org/show_bug.cgi?id=138169 |
Description
Leo Natan
2016-06-15 15:05:08 PDT
Just top-level requests or subresource requests as well? It would be easier to support for top-level resources only. (A wacky version is possible by canceling the navigation in -webView:decidePolicyForNavigationAction:decisionHandler: and then issuing a new request). And why do you want to do this? On the face of it, it seems like a Same Origin Policy bypass to reroute all websites to go to the same domain. The bug was opened with security SSLVPN products in mind, where VPN is not feasible/possible, but the administrator would like to have internal web applications not exposed to external networks. So a security gateway acts as a secure MITM to transfer specially crafted URLs, as given in the first comment for example, to internal resources. Since an admin cannot be expected to modify the web applications, and such applications might have absolute paths to resources, rather than relative ones, all resources should pass through such a theoretical system for augmentation. This is a pretty common usecase in security applications, and is not possible to achieve using WKWebView on iOS without using private API. |