Hello Cordova team
Hello everyone, I'm senior DevOps engineer and team lead at NexJ Health, greetings from Toronto, Canada. We're a provider of cloud-based population health management solutions and our platform can also be accessed from a Cordova-based mobile app available for Android and iOS. I've been recently working on the migration to the WKWebView engine for iOS, and I made a fork of cordova-plugin-wkwebview-engine that adds the ability to accept self-signed certificates. I'm not an iOS developer, it was the first time I was touching some Objective-C code, but my patch is vastly inspired from what was done in Oracle's cordova-plugin-wkwebview-file-xhr. We needed this feature because our developers test our mobile app along with a server instance hosted on there workstation, and this local instance uses self-signed certificates. I was thinking of creating a pull request on the official cordova-plugin-wkwebview-engine to share this feature with the community since I could see a lot of people asking how to do it, please let me know if it's something that you would like me to do so. Our fork is currently in one of our private repositories. Cheers Julien
Re: Hello Cordova team
Hi Julien, Ability to accept self-signed certificates for development builds sounds like a neat enhancement and I personally would give my thumbs up for this kind of feature. I would be hesitant to allow self-signed certificates for release builds. I'm wondering if this could be adapted to either an independent plugin or be incorporated into cordova-ios package. The cordova-plugin-wkwebview-engine package while not officially declared deprecated... will become obsolete soon given that it's only supported for cordova-ios <= 5.x. It's pending a formal vote and I think one last release for official deprecation. As of cordova-ios@6 WKWebView is built into the core platform and UIWebView is physically removed from the codebase. So if this could be adapted to support cordova-ios@6, I think that would be better in the long term. Kind regards, Norman On Dec 18 2020, at 6:21 pm, Julien Lamure wrote: > Hello everyone, > > I'm senior DevOps engineer and team lead at NexJ Health, greetings from > Toronto, Canada. > We're a provider of cloud-based population health management solutions and > our platform can also be accessed from a Cordova-based mobile app available > for Android and iOS. > I've been recently working on the migration to the WKWebView engine for iOS, > and I made a fork of cordova-plugin-wkwebview-engine that adds the ability to > accept self-signed certificates. > I'm not an iOS developer, it was the first time I was touching some > Objective-C code, but my patch is vastly inspired from what was done in > Oracle's cordova-plugin-wkwebview-file-xhr. > We needed this feature because our developers test our mobile app along with > a server instance hosted on there workstation, and this local instance uses > self-signed certificates. > > I was thinking of creating a pull request on the official > cordova-plugin-wkwebview-engine to share this feature with the community > since I could see a lot of people asking how to do it, please let me know if > it's something that you would like me to do so. > Our fork is currently in one of our private repositories. > > Cheers > Julien >
RE: Hello Cordova team
Hi Norman, You're right, it would totally make sense to have this directly built in cordova-ios@6. I had to add this feature to cordova-plugin-wkwebview-engine because we're using Monaca to build our app and cordova-ios@5.1.1 is the most recent version they give us access to for the moment. And I totally agree that allowing self-signed certificates is a big no-go for release builds, our automated build processes make sure it's only available for developer builds (accepting or refusing self-signed certificates is controlled by a preference in the config.xml file). I'm going to see if I can figure out how to incorporate it into cordova-ios@6 then, but maybe I can still also create the pull request for cordova-plugin-wkwebview-engine so that other Monaca customers like us can use it while waiting for getting access to cordova-ios@6. Cheers, Julien -Original Message- From: Norman Breau Sent: December 18, 2020 5:49 PM To: dev@cordova.apache.org Cc: dev@cordova.apache.org Subject: Re: Hello Cordova team CAUTION: This email came from outside NexJ. Do not click links or open attachments unless you recognize the sender and know the contents are safe. Hi Julien, Ability to accept self-signed certificates for development builds sounds like a neat enhancement and I personally would give my thumbs up for this kind of feature. I would be hesitant to allow self-signed certificates for release builds. I'm wondering if this could be adapted to either an independent plugin or be incorporated into cordova-ios package. The cordova-plugin-wkwebview-engine package while not officially declared deprecated... will become obsolete soon given that it's only supported for cordova-ios <= 5.x. It's pending a formal vote and I think one last release for official deprecation. As of cordova-ios@6 WKWebView is built into the core platform and UIWebView is physically removed from the codebase. So if this could be adapted to support cordova-ios@6, I think that would be better in the long term. Kind regards, Norman On Dec 18 2020, at 6:21 pm, Julien Lamure wrote: > Hello everyone, > > I'm senior DevOps engineer and team lead at NexJ Health, greetings from > Toronto, Canada. > We're a provider of cloud-based population health management solutions and > our platform can also be accessed from a Cordova-based mobile app available > for Android and iOS. > I've been recently working on the migration to the WKWebView engine for iOS, > and I made a fork of cordova-plugin-wkwebview-engine that adds the ability to > accept self-signed certificates. > I'm not an iOS developer, it was the first time I was touching some > Objective-C code, but my patch is vastly inspired from what was done in > Oracle's cordova-plugin-wkwebview-file-xhr. > We needed this feature because our developers test our mobile app along with > a server instance hosted on there workstation, and this local instance uses > self-signed certificates. > > I was thinking of creating a pull request on the official > cordova-plugin-wkwebview-engine to share this feature with the community > since I could see a lot of people asking how to do it, please let me know if > it's something that you would like me to do so. > Our fork is currently in one of our private repositories. > > Cheers > Julien >
Re: Hello Cordova team
Hi, @Julien: Can you detail your feature a bit more? We are also using self-signed certificates for testing. We are working with the Cordova standard and install our self-signed certificate on the testing iOS devices as trusted root certificate. Then everything works out of the box. Which additional features does your extension bring? Kind regards, Mathias From: Julien Lamure Date: Saturday, 19. December 2020 at 00:21 To: dev@cordova.apache.org Subject: [External] RE: Hello Cordova team This message is from an EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments. Hi Norman, You're right, it would totally make sense to have this directly built in cordova-ios@6. I had to add this feature to cordova-plugin-wkwebview-engine because we're using Monaca to build our app and cordova-ios@5.1.1 is the most recent version they give us access to for the moment. And I totally agree that allowing self-signed certificates is a big no-go for release builds, our automated build processes make sure it's only available for developer builds (accepting or refusing self-signed certificates is controlled by a preference in the config.xml file). I'm going to see if I can figure out how to incorporate it into cordova-ios@6 then, but maybe I can still also create the pull request for cordova-plugin-wkwebview-engine so that other Monaca customers like us can use it while waiting for getting access to cordova-ios@6. Cheers, Julien -Original Message- From: Norman Breau Sent: December 18, 2020 5:49 PM To: dev@cordova.apache.org Cc: dev@cordova.apache.org Subject: Re: Hello Cordova team CAUTION: This email came from outside NexJ. Do not click links or open attachments unless you recognize the sender and know the contents are safe. Hi Julien, Ability to accept self-signed certificates for development builds sounds like a neat enhancement and I personally would give my thumbs up for this kind of feature. I would be hesitant to allow self-signed certificates for release builds. I'm wondering if this could be adapted to either an independent plugin or be incorporated into cordova-ios package. The cordova-plugin-wkwebview-engine package while not officially declared deprecated... will become obsolete soon given that it's only supported for cordova-ios <= 5.x. It's pending a formal vote and I think one last release for official deprecation. As of cordova-ios@6 WKWebView is built into the core platform and UIWebView is physically removed from the codebase. So if this could be adapted to support cordova-ios@6, I think that would be better in the long term. Kind regards, Norman On Dec 18 2020, at 6:21 pm, Julien Lamure wrote: > Hello everyone, > > I'm senior DevOps engineer and team lead at NexJ Health, greetings from > Toronto, Canada. > We're a provider of cloud-based population health management solutions and > our platform can also be accessed from a Cordova-based mobile app available > for Android and iOS. > I've been recently working on the migration to the WKWebView engine for iOS, > and I made a fork of cordova-plugin-wkwebview-engine that adds the ability to > accept self-signed certificates. > I'm not an iOS developer, it was the first time I was touching some > Objective-C code, but my patch is vastly inspired from what was done in > Oracle's cordova-plugin-wkwebview-file-xhr. > We needed this feature because our developers test our mobile app along with > a server instance hosted on there workstation, and this local instance uses > self-signed certificates. > > I was thinking of creating a pull request on the official > cordova-plugin-wkwebview-engine to share this feature with the community > since I could see a lot of people asking how to do it, please let me know if > it's something that you would like me to do so. > Our fork is currently in one of our private repositories. > > Cheers > Julien > This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy. __ www.accenture.com
RE: Hello Cordova team
Hi Mathias, With this feature, we don't need to do anything on the device to be able to access web resources hosted on a server that uses self-signed certificates. As I said in a previous message, making the device accept or not untrusted certificates is controlled by a preference in the config.xml file. Then, the corresponding Objective-C code controlled by the preference intercepts the HTTPS request right when iOS evaluates the certificate and dynamically adds an exception so that all certificates get accepted. We configure this preference at build time so that our development versions can accept the self-signed certificates used by our developers local VMs, and it's disabled for our production builds. It's basically working the same way as this Oracle plugin: https://github.com/oracle/cordova-plugin-wkwebview-file-xhr#configuration However, when I tried to use the Oracle plugin for our app, I never managed to make it work properly, so I ended up adding the same mechanics to cordova-plugin-wkwebview-engine so that it could accept all certificates as well. Cheers, Julien -Original Message- From: Scheffe, Mathias Sent: December 22, 2020 1:47 AM To: dev@cordova.apache.org Subject: Re: Hello Cordova team CAUTION: This email came from outside NexJ. Do not click links or open attachments unless you recognize the sender and know the contents are safe. Hi, @Julien: Can you detail your feature a bit more? We are also using self-signed certificates for testing. We are working with the Cordova standard and install our self-signed certificate on the testing iOS devices as trusted root certificate. Then everything works out of the box. Which additional features does your extension bring? Kind regards, Mathias From: Julien Lamure Date: Saturday, 19. December 2020 at 00:21 To: dev@cordova.apache.org Subject: [External] RE: Hello Cordova team This message is from an EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments. Hi Norman, You're right, it would totally make sense to have this directly built in cordova-ios@6. I had to add this feature to cordova-plugin-wkwebview-engine because we're using Monaca to build our app and cordova-ios@5.1.1 is the most recent version they give us access to for the moment. And I totally agree that allowing self-signed certificates is a big no-go for release builds, our automated build processes make sure it's only available for developer builds (accepting or refusing self-signed certificates is controlled by a preference in the config.xml file). I'm going to see if I can figure out how to incorporate it into cordova-ios@6 then, but maybe I can still also create the pull request for cordova-plugin-wkwebview-engine so that other Monaca customers like us can use it while waiting for getting access to cordova-ios@6. Cheers, Julien -Original Message- From: Norman Breau Sent: December 18, 2020 5:49 PM To: dev@cordova.apache.org Cc: dev@cordova.apache.org Subject: Re: Hello Cordova team CAUTION: This email came from outside NexJ. Do not click links or open attachments unless you recognize the sender and know the contents are safe. Hi Julien, Ability to accept self-signed certificates for development builds sounds like a neat enhancement and I personally would give my thumbs up for this kind of feature. I would be hesitant to allow self-signed certificates for release builds. I'm wondering if this could be adapted to either an independent plugin or be incorporated into cordova-ios package. The cordova-plugin-wkwebview-engine package while not officially declared deprecated... will become obsolete soon given that it's only supported for cordova-ios <= 5.x. It's pending a formal vote and I think one last release for official deprecation. As of cordova-ios@6 WKWebView is built into the core platform and UIWebView is physically removed from the codebase. So if this could be adapted to support cordova-ios@6, I think that would be better in the long term. Kind regards, Norman On Dec 18 2020, at 6:21 pm, Julien Lamure wrote: > Hello everyone, > > I'm senior DevOps engineer and team lead at NexJ Health, greetings from > Toronto, Canada. > We're a provider of cloud-based population health management solutions and > our platform can also be accessed from a Cordova-based mobile app available > for Android and iOS. > I've been recently working on the migration to the WKWebView engine for iOS, > and I made a fork of cordova-plugin-wkwebview-engine that adds the ability to > accept self-signed certificates. > I'm not an iOS developer, it was the first time I was touching some > Objective-C code, but my patch is vastly inspired from what was done in > Oracle's cordova-plugin-wkwebview-file-xhr. > We needed this feature because our developers test our mobile app along with > a server insta
Re: Hello Cordova team
Hi Julian I would recommend you consider announcing and sharing whatever you have, in case it may help others or receive any contributions. Thanks! On Tue, Dec 22, 2020 at 11:28 AM Julien Lamure wrote: > Hi Mathias, > > With this feature, we don't need to do anything on the device to be able > to access web resources hosted on a server that uses self-signed > certificates. > As I said in a previous message, making the device accept or not untrusted > certificates is controlled by a preference in the config.xml file. Then, > the corresponding Objective-C code controlled by the preference intercepts > the HTTPS request right when iOS evaluates the certificate and dynamically > adds an exception so that all certificates get accepted. > We configure this preference at build time so that our development > versions can accept the self-signed certificates used by our developers > local VMs, and it's disabled for our production builds. > It's basically working the same way as this Oracle plugin: > https://github.com/oracle/cordova-plugin-wkwebview-file-xhr#configuration > However, when I tried to use the Oracle plugin for our app, I never > managed to make it work properly, so I ended up adding the same mechanics > to cordova-plugin-wkwebview-engine so that it could accept all certificates > as well. > > Cheers, > Julien > > -Original Message- > From: Scheffe, Mathias > Sent: December 22, 2020 1:47 AM > To: dev@cordova.apache.org > Subject: Re: Hello Cordova team > > CAUTION: This email came from outside NexJ. Do not click links or open > attachments unless you recognize the sender and know the contents are safe. > > Hi, > > @Julien: Can you detail your feature a bit more? > We are also using self-signed certificates for testing. We are working > with the Cordova standard and install our self-signed certificate on the > testing iOS devices as trusted root certificate. Then everything works out > of the box. Which additional features does your extension bring? > > Kind regards, > Mathias > > From: Julien Lamure > Date: Saturday, 19. December 2020 at 00:21 > To: dev@cordova.apache.org > Subject: [External] RE: Hello Cordova team This message is from an > EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments. > > Hi Norman, > > You're right, it would totally make sense to have this directly built in > cordova-ios@6. > I had to add this feature to cordova-plugin-wkwebview-engine because we're > using Monaca to build our app and cordova-ios@5.1.1 is the most recent > version they give us access to for the moment. > And I totally agree that allowing self-signed certificates is a big no-go > for release builds, our automated build processes make sure it's only > available for developer builds (accepting or refusing self-signed > certificates is controlled by a preference in the config.xml file). > I'm going to see if I can figure out how to incorporate it into > cordova-ios@6 then, but maybe I can still also create the pull request > for cordova-plugin-wkwebview-engine so that other Monaca customers like us > can use it while waiting for getting access to cordova-ios@6. > > Cheers, > Julien > > -Original Message- > From: Norman Breau > Sent: December 18, 2020 5:49 PM > To: dev@cordova.apache.org > Cc: dev@cordova.apache.org > Subject: Re: Hello Cordova team > > CAUTION: This email came from outside NexJ. Do not click links or open > attachments unless you recognize the sender and know the contents are safe. > > Hi Julien, > > Ability to accept self-signed certificates for development builds sounds > like a neat enhancement and I personally would give my thumbs up for this > kind of feature. I would be hesitant to allow self-signed certificates for > release builds. I'm wondering if this could be adapted to either an > independent plugin or be incorporated into cordova-ios package. The > cordova-plugin-wkwebview-engine package while not officially declared > deprecated... will become obsolete soon given that it's only supported for > cordova-ios <= 5.x. It's pending a formal vote and I think one last release > for official deprecation. As of > cordova-ios@6 WKWebView is built into the core platform and UIWebView is > physically removed from the codebase. > > So if this could be adapted to support cordova-ios@6, I think that would > be better in the long term. > Kind regards, > Norman > On Dec 18 2020, at 6:21 pm, Julien Lamure > wrote: > > Hello everyone, > > > > I'm senior DevOps engineer and team lead at NexJ Health, greetings from > Toronto, Canada. > > We're a provider of cloud-based population he
Re: Hello Cordova team
Hi Julian, I read that your using Monaca and building with cordova-ios@5.1.1 and also said that it is "the most recent version they give us access to for the moment." Monaca has reported that Cordova CLI 10.x and Cordova-iOS 6.x support was implemented & released on November 19th. If you do not see Cordova-iOS 6.x as a platform option, then the project's Cordova CLI version is not up-to-date. First, upgrade the project's CLI version before you can select the new iOS version. > On Dec 23, 2020, at 2:13, Chris Brody wrote: > > Hi Julian I would recommend you consider announcing and sharing > whatever you have, in case it may help others or receive any contributions. > Thanks! > > > On Tue, Dec 22, 2020 at 11:28 AM Julien Lamure > wrote: > >> Hi Mathias, >> >> With this feature, we don't need to do anything on the device to be able >> to access web resources hosted on a server that uses self-signed >> certificates. >> As I said in a previous message, making the device accept or not untrusted >> certificates is controlled by a preference in the config.xml file. Then, >> the corresponding Objective-C code controlled by the preference intercepts >> the HTTPS request right when iOS evaluates the certificate and dynamically >> adds an exception so that all certificates get accepted. >> We configure this preference at build time so that our development >> versions can accept the self-signed certificates used by our developers >> local VMs, and it's disabled for our production builds. >> It's basically working the same way as this Oracle plugin: >> https://github.com/oracle/cordova-plugin-wkwebview-file-xhr#configuration >> However, when I tried to use the Oracle plugin for our app, I never >> managed to make it work properly, so I ended up adding the same mechanics >> to cordova-plugin-wkwebview-engine so that it could accept all certificates >> as well. >> >> Cheers, >> Julien >> >> -Original Message- >> From: Scheffe, Mathias >> Sent: December 22, 2020 1:47 AM >> To: dev@cordova.apache.org >> Subject: Re: Hello Cordova team >> >> CAUTION: This email came from outside NexJ. Do not click links or open >> attachments unless you recognize the sender and know the contents are safe. >> >> Hi, >> >> @Julien: Can you detail your feature a bit more? >> We are also using self-signed certificates for testing. We are working >> with the Cordova standard and install our self-signed certificate on the >> testing iOS devices as trusted root certificate. Then everything works out >> of the box. Which additional features does your extension bring? >> >> Kind regards, >> Mathias >> >> From: Julien Lamure >> Date: Saturday, 19. December 2020 at 00:21 >> To: dev@cordova.apache.org >> Subject: [External] RE: Hello Cordova team This message is from an >> EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments. >> >> Hi Norman, >> >> You're right, it would totally make sense to have this directly built in >> cordova-ios@6. >> I had to add this feature to cordova-plugin-wkwebview-engine because we're >> using Monaca to build our app and cordova-ios@5.1.1 is the most recent >> version they give us access to for the moment. >> And I totally agree that allowing self-signed certificates is a big no-go >> for release builds, our automated build processes make sure it's only >> available for developer builds (accepting or refusing self-signed >> certificates is controlled by a preference in the config.xml file). >> I'm going to see if I can figure out how to incorporate it into >> cordova-ios@6 then, but maybe I can still also create the pull request >> for cordova-plugin-wkwebview-engine so that other Monaca customers like us >> can use it while waiting for getting access to cordova-ios@6. >> >> Cheers, >> Julien >> >> -Original Message- >> From: Norman Breau >> Sent: December 18, 2020 5:49 PM >> To: dev@cordova.apache.org >> Cc: dev@cordova.apache.org >> Subject: Re: Hello Cordova team >> >> CAUTION: This email came from outside NexJ. Do not click links or open >> attachments unless you recognize the sender and know the contents are safe. >> >> Hi Julien, >> >> Ability to accept self-signed certificates for development builds sounds >> like a neat enhancement and I personally would give my thumbs up for this >> kind of feature. I would be hesitant to allow self-signed certificates for >> r
RE: Hello Cordova team
Hi everyone, @Brian: Thanks for the info, I'll upgrade it then. @Chris: I'll create the PR on cordova-plugin-wkwebview-engine today since it's the one I originally modified and tested, then I'll try to do the same with cordova-ios@6 once our project will be upgraded to use this version. Thank you Julien -Original Message- From: Bryan Ellis Sent: December 22, 2020 11:09 PM To: dev@cordova.apache.org Subject: Re: Hello Cordova team CAUTION: This email came from outside NexJ. Do not click links or open attachments unless you recognize the sender and know the contents are safe. Hi Julian, I read that your using Monaca and building with cordova-ios@5.1.1 and also said that it is "the most recent version they give us access to for the moment." Monaca has reported that Cordova CLI 10.x and Cordova-iOS 6.x support was implemented & released on November 19th. If you do not see Cordova-iOS 6.x as a platform option, then the project's Cordova CLI version is not up-to-date. First, upgrade the project's CLI version before you can select the new iOS version. > On Dec 23, 2020, at 2:13, Chris Brody wrote: > > Hi Julian I would recommend you consider announcing and sharing > whatever you have, in case it may help others or receive any contributions. > Thanks! > > > On Tue, Dec 22, 2020 at 11:28 AM Julien Lamure > > wrote: > >> Hi Mathias, >> >> With this feature, we don't need to do anything on the device to be >> able to access web resources hosted on a server that uses self-signed >> certificates. >> As I said in a previous message, making the device accept or not >> untrusted certificates is controlled by a preference in the >> config.xml file. Then, the corresponding Objective-C code controlled >> by the preference intercepts the HTTPS request right when iOS >> evaluates the certificate and dynamically adds an exception so that all >> certificates get accepted. >> We configure this preference at build time so that our development >> versions can accept the self-signed certificates used by our >> developers local VMs, and it's disabled for our production builds. >> It's basically working the same way as this Oracle plugin: >> https://github.com/oracle/cordova-plugin-wkwebview-file-xhr#configura >> tion However, when I tried to use the Oracle plugin for our app, I >> never managed to make it work properly, so I ended up adding the same >> mechanics to cordova-plugin-wkwebview-engine so that it could accept >> all certificates as well. >> >> Cheers, >> Julien >> >> -Original Message- >> From: Scheffe, Mathias >> Sent: December 22, 2020 1:47 AM >> To: dev@cordova.apache.org >> Subject: Re: Hello Cordova team >> >> CAUTION: This email came from outside NexJ. Do not click links or >> open attachments unless you recognize the sender and know the contents are >> safe. >> >> Hi, >> >> @Julien: Can you detail your feature a bit more? >> We are also using self-signed certificates for testing. We are >> working with the Cordova standard and install our self-signed >> certificate on the testing iOS devices as trusted root certificate. >> Then everything works out of the box. Which additional features does your >> extension bring? >> >> Kind regards, >> Mathias >> >> From: Julien Lamure >> Date: Saturday, 19. December 2020 at 00:21 >> To: dev@cordova.apache.org >> Subject: [External] RE: Hello Cordova team This message is from an >> EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments. >> >> Hi Norman, >> >> You're right, it would totally make sense to have this directly built >> in cordova-ios@6. >> I had to add this feature to cordova-plugin-wkwebview-engine because >> we're using Monaca to build our app and cordova-ios@5.1.1 is the most >> recent version they give us access to for the moment. >> And I totally agree that allowing self-signed certificates is a big >> no-go for release builds, our automated build processes make sure >> it's only available for developer builds (accepting or refusing >> self-signed certificates is controlled by a preference in the config.xml >> file). >> I'm going to see if I can figure out how to incorporate it into >> cordova-ios@6 then, but maybe I can still also create the pull >> request for cordova-plugin-wkwebview-engine so that other Monaca >> customers like us can use it while waiting for getting access to >> cordova-ios@6. >> >> Cheers, >> Julien >> >>
