140412 – WKWebView should provide an API to allow canceling requests based on SSL certificates information before cookies are sent to the server.

Bug 140412 - WKWebView should provide an API to allow canceling requests based on SSL certificates information before cookies are sent to the server.

Summary: WKWebView should provide an API to allow canceling requests based on SSL cert...

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit2 (show other bugs)
Version:	528+ (Nightly build)
Hardware:	iPhone / iPad All

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2015-01-13 14:14 PST by Eugene But
Modified:	2015-06-15 12:34 PDT (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Eugene But 2015-01-13 14:14:50 PST

This API is necessary if host app wants to implement certificate blacklisting feature.
webView:didReceiveAuthenticationChallenge:completionHandler: is not suitable for that.
It provides all required information but it's called after the cookies were sent to the server and if host app believes that certificate is compromised it's too late to cancel the request as cookies were gone.

Comment 1 Eugene But 2015-01-13 14:26:31 PST

Also reported to Apple Radar: rdar://19462148

Comment 2 Benjamin Poulain 2015-06-15 12:33:47 PDT

(In reply to comment #1)
> Also reported to Apple Radar: rdar://19462148

The radar does not match this bug report.

Comment 3 Radar WebKit Bug Importer 2015-06-15 12:34:04 PDT

<rdar://problem/21387703>