Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL Pinning for WebView? #13

Open
jaxley opened this issue Feb 21, 2014 · 3 comments
Open

SSL Pinning for WebView? #13

jaxley opened this issue Feb 21, 2014 · 3 comments

Comments

@jaxley
Copy link

jaxley commented Feb 21, 2014

A common omission in certificate pinning implementations and discussions seems to be coverage for WebView requests. Are there plans to provide a sample WebViewClient implementation that invokes the pinning code to make secure requests so developers will know how to do this securely?
@travismorrow-okta
Copy link

Great Question - The only method I've seen is implementing shouldinterceptrequest and handling the connections through your pinning implementation and passing back data :-/

@jaxley
Copy link
Author

jaxley commented Oct 20, 2014

I've seen that, however, shouldInterceptRequest is Synchronous and this would force all web requests to be synchronous in order to be able to supply the data in the return value of this method, as far as I can tell. Not sure what the performance implications of that would be for a typical webview - would there be blocking on the thread? Of course, there is also the caveat that this excludes all older Android OSes (before Honeycomb), although there's good reason to exclude those anyhow.

@CodinRonin
Copy link

Also, a way to handle post requests.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jaxley @CodinRonin @travismorrow-okta