Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

WKWebView custom URL scheme doesn't work with https? (mixed content blocked)

Tags:

ios

app-transport-security

swift

safari

wkwebview

I have a WKWebView to load a website that has a custom url scheme (mycustomurl://) implemented with WKURLScheme, which the website will call using GET. Everything works as expected when the website is in http://, but breaks when I switch to https:// with the following error:

[blocked] The page at https:// (url snipped) was not allowed to display insecure content from mycustomurl://(url snipped).

The WKURLScheme callback was never hit, so I suspect Safari or higher power blocked it :/

I already comb through SO discussions on ATS, none of it worked. I did saw some discussions like this one that mentioned this is because Safari blocks mixed content, and when I tried it directly on Safari it did generate the same result (blocked).

There seems to be no solution to this? It seems we can't turn off Safari's mixed content restriction. Then how should custom URL scheme be used and implemented because https should always a better choice than http?

I did notice most custom URL scheme tutorials have http instead of https...

like image 627
bkaooo Avatar asked Apr 13 '18 22:04

bkaooo

1 Answers

Not sure this answer is still relevant but an actual working solution is to use a custom WKUrlSchemeHandler to load the initial https-page from.

I recently faced a similar issue (trying to connect to a WebSocket server on device from a https-page) and the only way I found to get this working while still keeping the application secured by https was the following not-so-nice workaround:

  • register your custom WKUrlSchemeHandler for mycustomurl://
  • register a second custom WKUrlSchemeHandler, let's say myapp-remote://
  • inside webView:startURLSchemeTask::
    • retrieve the request url from the urlSchemeTask.Request
    • replace myapp-remote:// with https://
    • create a NSURLDataRequest with the https-url
    • return the response and fetched data to the urlSchemeTask

With this setup you can fetch your https-Page by using myapp-remote:// as schema for the initial load, keeping TLS security as well as validation and also have working mycustomurl:// references that your WKWebView won't block.

My implementation is in C# for Xamarin but I can provide it for clarity if it's needed.

like image 110
Shirkrin Avatar answered Oct 14 '22 19:10

Shirkrin
Sign in to Comment

Related questions

`adb shell input` returns `Killed` response without any input registered
Bootstrap 4 - full width form fields on inline form
Minimal path to form a string
Program type already present: org.apache.http.auth.AuthSchemeFactory
Associations in sequelize not working as intended
How does async-await "save threads"?
Caveats if go package name doesn't start with github.com?
What is the time complexity of accessing an element of a List by index in Dart?
How to mock chain of method calls using Mockito
Permissions for creating OAuth credentials in Google Cloud
NPM Install Error Woes: "npm ERR! code EINVAL"
leaflet marker cluster icons not displaying

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!