In my application, I have a screen where user clicks different types of files to view and download them. However this screen is only accessible after user is logged in through web site.
I launch the Safari browser with my URL by using this method:
UIApplication.sharedApplication().openURL(NSURL(string: url)!)
However, the user is being redirected to login screen because he is not authorized to use the website yet.
My question is, how to pass cookies or headers to Safari and launch the URL with those?
Be careful with passing any secure data in the URL query as it's considered to be a security risk.
Some reasons are:
Reference: https://blog.httpwatch.com/2009/02/20/how-secure-are-query-strings-over-https/
I know it's not what you are looking for, but more secure solution would be to use session level cookies together with WKWebView. Check this SO answer for more information https://stackoverflow.com/a/26577303/14009088
You can't do that directly. openURL
does just that, no more.
You need to pass required credentials in the URL. The target server may read them from the URL and then set desired cookies in the response.
If you implement that, make sure it can't be abused to set arbitrary cookies or perform session fixation attack. One way to implement that securely is to use one-time identifiers:
?key=<that one-time key>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With