Bug 268710 - [Warning] [blocked] The page at https://xxxx.html was not allowed to run insecure content from knb://knb.js.
Summary: [Warning] [blocked] The page at https://xxxx.html was not allowed to run inse...
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: Safari 16
Hardware: Unspecified Unspecified
: P2 Major
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2024-02-04 00:23 PST by CassielX
Modified: 2024-02-11 00:24 PST (History)
3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description CassielX 2024-02-04 00:23:07 PST 
I am trying to load a URL with a specific scheme through the HTTPS main document to implement the function of local data interception and feedback on the iOS end's WKWebView. I have set a custom scheme interceptor, but I cannot receive related calls in the callback method:

-(void)webView:(nonnull WKWebView *)webView startURLSchemeTask:(nonnull id<WKURLSchemeTask>)urlSchemeTask



In the H5, I set the Content-Security-Policy as follows:

<meta http-equiv="Content-Security-Policy" content="script-src knb:">
......
<script src="knb://knb.js"></script>
<img src="knb://knb2.js"></img>

I can intercept knb://knb2.js, but I cannot receive knb://knb.js.

When inspecting in the safari browser, it shows
[Warning] [blocked] The page at https://xxxx.html was not allowed to run insecure content from knb://knb.js.



Is there anything else I need to set? Or does it not support this kind of loading at all?
Comment 1 CassielX 2024-02-04 00:23:57 PST 
Not only in iOS 16
Comment 2 Radar WebKit Bug Importer 2024-02-11 00:24:13 PST 
<rdar://problem/122735268>