Hi Julian I would recommend you consider announcing and sharing whatever you have, in case it may help others or receive any contributions. Thanks!
On Tue, Dec 22, 2020 at 11:28 AM Julien Lamure <julien.lam...@nexjhealth.com> wrote: > Hi Mathias, > > With this feature, we don't need to do anything on the device to be able > to access web resources hosted on a server that uses self-signed > certificates. > As I said in a previous message, making the device accept or not untrusted > certificates is controlled by a preference in the config.xml file. Then, > the corresponding Objective-C code controlled by the preference intercepts > the HTTPS request right when iOS evaluates the certificate and dynamically > adds an exception so that all certificates get accepted. > We configure this preference at build time so that our development > versions can accept the self-signed certificates used by our developers > local VMs, and it's disabled for our production builds. > It's basically working the same way as this Oracle plugin: > https://github.com/oracle/cordova-plugin-wkwebview-file-xhr#configuration > However, when I tried to use the Oracle plugin for our app, I never > managed to make it work properly, so I ended up adding the same mechanics > to cordova-plugin-wkwebview-engine so that it could accept all certificates > as well. > > Cheers, > Julien > > -----Original Message----- > From: Scheffe, Mathias <mathias.sche...@accenture.com.INVALID> > Sent: December 22, 2020 1:47 AM > To: dev@cordova.apache.org > Subject: Re: Hello Cordova team > > CAUTION: This email came from outside NexJ. Do not click links or open > attachments unless you recognize the sender and know the contents are safe. > > Hi, > > @Julien: Can you detail your feature a bit more? > We are also using self-signed certificates for testing. We are working > with the Cordova standard and install our self-signed certificate on the > testing iOS devices as trusted root certificate. Then everything works out > of the box. Which additional features does your extension bring? > > Kind regards, > Mathias > > From: Julien Lamure <julien.lam...@nexjhealth.com> > Date: Saturday, 19. December 2020 at 00:21 > To: dev@cordova.apache.org <dev@cordova.apache.org> > Subject: [External] RE: Hello Cordova team This message is from an > EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments. > > Hi Norman, > > You're right, it would totally make sense to have this directly built in > cordova-ios@6. > I had to add this feature to cordova-plugin-wkwebview-engine because we're > using Monaca to build our app and cordova-ios@5.1.1 is the most recent > version they give us access to for the moment. > And I totally agree that allowing self-signed certificates is a big no-go > for release builds, our automated build processes make sure it's only > available for developer builds (accepting or refusing self-signed > certificates is controlled by a preference in the config.xml file). > I'm going to see if I can figure out how to incorporate it into > cordova-ios@6 then, but maybe I can still also create the pull request > for cordova-plugin-wkwebview-engine so that other Monaca customers like us > can use it while waiting for getting access to cordova-ios@6. > > Cheers, > Julien > > -----Original Message----- > From: Norman Breau <nor...@nbsolutions.ca> > Sent: December 18, 2020 5:49 PM > To: dev@cordova.apache.org > Cc: dev@cordova.apache.org > Subject: Re: Hello Cordova team > > CAUTION: This email came from outside NexJ. Do not click links or open > attachments unless you recognize the sender and know the contents are safe. > > Hi Julien, > > Ability to accept self-signed certificates for development builds sounds > like a neat enhancement and I personally would give my thumbs up for this > kind of feature. I would be hesitant to allow self-signed certificates for > release builds. I'm wondering if this could be adapted to either an > independent plugin or be incorporated into cordova-ios package. The > cordova-plugin-wkwebview-engine package while not officially declared > deprecated... will become obsolete soon given that it's only supported for > cordova-ios <= 5.x. It's pending a formal vote and I think one last release > for official deprecation. As of > cordova-ios@6 WKWebView is built into the core platform and UIWebView is > physically removed from the codebase. > > So if this could be adapted to support cordova-ios@6, I think that would > be better in the long term. > Kind regards, > Norman > On Dec 18 2020, at 6:21 pm, Julien Lamure <julien.lam...@nexjhealth.com> > wrote: > > Hello everyone, > > > > I'm senior DevOps engineer and team lead at NexJ Health, greetings from > Toronto, Canada. > > We're a provider of cloud-based population health management solutions > and our platform can also be accessed from a Cordova-based mobile app > available for Android and iOS. > > I've been recently working on the migration to the WKWebView engine for > iOS, and I made a fork of cordova-plugin-wkwebview-engine that adds the > ability to accept self-signed certificates. > > I'm not an iOS developer, it was the first time I was touching some > Objective-C code, but my patch is vastly inspired from what was done in > Oracle's cordova-plugin-wkwebview-file-xhr. > > We needed this feature because our developers test our mobile app along > with a server instance hosted on there workstation, and this local instance > uses self-signed certificates. > > > > I was thinking of creating a pull request on the official > cordova-plugin-wkwebview-engine to share this feature with the community > since I could see a lot of people asking how to do it, please let me know > if it's something that you would like me to do so. > > Our fork is currently in one of our private repositories. > > > > Cheers > > Julien > > > > ________________________________ > > This message is for the designated recipient only and may contain > privileged, proprietary, or otherwise confidential information. If you have > received it in error, please notify the sender immediately and delete the > original. Any other use of the e-mail by you is prohibited. Where allowed > by local law, electronic communications with Accenture and its affiliates, > including e-mail and instant messaging (including content), may be scanned > by our systems for the purposes of information security and assessment of > internal compliance with Accenture policy. Your privacy is important to us. > Accenture uses your personal data only in compliance with data protection > laws. For further information on how Accenture processes your personal > data, please see our privacy statement at > https://www.accenture.com/us-en/privacy-policy. > > ______________________________________________________________________________________ > > www.accenture.com > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org > For additional commands, e-mail: dev-h...@cordova.apache.org > >
