Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Allow unverified ssl certificate in UIWebview

Tags:

ios

ssl

uiwebview

I'm embedding a website in a UIWebView. During development I have it pointed at localhost. The problem is that whenever it hits a "https://" url it doesn't load. When I load the url in mobile safari I get this popup:

enter image description here

Is there a way to override this with the UIWebView to allow the unverified url?

like image 461
Christian Schlensker Avatar asked Jan 13 '12 23:01

Christian Schlensker


4 Answers

If it's just for testing during development you can create a category on NSURLRequest and override the following private method:

#if DEBUG

@implementation NSURLRequest (NSURLRequestWithIgnoreSSL) 

+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
    return YES;
}

@end

#endif

Just put this anywhere in one of your .m files (e.g. app delegate), or put it in it's own .m file. You don't need a matching header file.

The #if DEBUG is a precaution to prevent you from accidentally leaving it enabled when you submit to Apple, but if you need it to work in a release build then remove that (and make sure you remember to restore it or remove this category before you submit to Apple).

like image 116
Nick Lockwood Avatar answered Nov 10 '22 19:11

Nick Lockwood


Swift 3/4 version for Nick Lockwood answer.

This is just for testing/development purposes:

extension NSURLRequest {
    #if DEBUG
    static func allowsAnyHTTPSCertificate(forHost host: String) -> Bool {
        return true
    }
    #endif
}
like image 28
Olexiy Pyvovarov Avatar answered Nov 10 '22 19:11

Olexiy Pyvovarov


Nick's answer will keep your app from being accepted by Apple in the App Store and George's answer will fail to load the remainder of a page that has .css or .js or any other secondary downloads. There is a complete answer here that allows the UIWebView to load pages from a site with an untrusted certificate.

like image 8
Prof Von Lemongargle Avatar answered Nov 10 '22 17:11

Prof Von Lemongargle


In iOS 9, SSL connections will fail for all invalid or self-signed certificates. This is the default behavior of the new App Transport Security feature in iOS 9.0 or later, and on OS X 10.11 and later.

You can override this behavior in the Info.plist, by setting NSAllowsArbitraryLoads to YES in the NSAppTransportSecurity dictionary. However, I recommend overriding this setting for testing purposes only.

enter image description here

For information see App Transport Technote here.

like image 8
johnnieb Avatar answered Nov 10 '22 19:11

johnnieb