You can force UIWebView
to show web pages with invalid certificates. This
sample app precisely allows a few predefined domains, rather than blindly
allowing all insecure HTTPS loads.
You don't need to go through the whole source codes. Just take a look at the two source files.
Using UIWebViewDelegate
, it intercepts the HTTPS requests before it fails. The
answers in stack overflow solve this problem with a few codes but it
doesn't cover all corner cases. To do this in production, The logic gets quite
complicated. You'll have read the whole codes of ViewController.m.
2. Info.plist
It makes a few exceptions to the iOS's App Transport Security. You'll have to configure it, server-by-server.
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>m.domain.go.kr</key>
<dict>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key><true/>
<key>NSTemporaryExceptionRequiresForwardSecrecy</key><false/>
</dict>
<key>www.domain.go.kr</key>
<dict>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key><true/>
<key>NSTemporaryExceptionRequiresForwardSecrecy</key><false/>
</dict>
</dict>
</dict>
- UIWebView to view self signed websites - is it possible? - stack overflow
- Configuring App Transport Security Exceptions in iOS 9 and OSX 10.11 - by Steven Peterson
ios-dangerous-webview-practice is primarily distributed under the terms of both the MIT license and the Apache License (Version 2.0). See COPYRIGHT for details.