Support SSL pinning

Open muuvmuuv opened this issue 5 years ago • 10 comments

Is your feature request related to a problem? Please describe.

We are currently trying to make SSL pinning work, but because that does not work with Angular's httpClient, I was looking for a native plugin, and this Capacitor equivalent of cordova-plugin-advanced-http looks pretty good so far. Adding support for SSL pinning would make it more enterprise ready in my opinion.

See: silkimen/cordova-plugin-advanced-http#setservertrustmode

Describe the solution you'd like

Add a cordova-plugin-advanced-http#setservertrustmode equivalent or similar.

Describe alternatives you've considered

Always open for better/more secure solutions.

Additional context

I would love to, but I haven't added SSL pinning in any of my projects, so I hope someone else will add more information about securing requests here.

muuvmuuv, May 28 '20 07:05

+1 Would love to see this feature!

tplueer, Jun 07 '20 16:06

+1 Would love to see this feature too honestly!

Xdabier, Aug 02 '20 11:08

Would love to see this feature too!

camaragit, Feb 03 '21 00:02

Big request from me too

EinfachHans, Mar 28 '21 22:03

Very interested in this!

LinnaeK, Apr 06 '21 20:04

Would love to see this feature!

brskiy, Jun 03 '21 07:06

Would love to see this feature!

wi3land, Jul 26 '21 14:07

+1

jonatanmartinbabel, Nov 02 '21 11:11

Have you tried configuring it via XML? https://developer.android.com/training/articles/security-config#CertificatePinning

sla100, Nov 15 '21 05:11

Would very much love to see this feature as well!

To expand on the comment by @sla100: It is indeed very easy and straightforward to enable SSL Pinning on Android; however, following this approach for iOS: https://developer.apple.com/news/?id=g9ejcf8y does NOT work. Unfortunately, this is due to a bug in their implementation of WKWebView which simply ignores any values set for NSAppTransportSecurity. See: https://developer.apple.com/forums/thread/681734?login=true

Could someone from the Capacitor team indicate how much work it would be to implement this? At my company we're considering writing this feature ourselves for capacitor/http and opening a PR. Getting an estimate for the amount of work required would help us make a decision on whether this is worth the time investment.

p-v-d-Veeken, May 11 '22 12:05
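
The Android approach linked by @sla100 keeps the pins in a network security config XML file. As an added example (not code from this thread or from the Capacitor project), the Python check below lints such a file for an expired pin-set, malformed pins, and a missing backup pin. The domain `api.example.com`, the pin values, and the function names are constructed for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from datetime import date

def constructed_pin(seed: bytes) -> str:
    # Stand-in for base64(SHA-256(SubjectPublicKeyInfo)); constructed, not a real key hash.
    return base64.b64encode(hashlib.sha256(seed).digest()).decode()

# Constructed sample of res/xml/network_security_config.xml; api.example.com is a placeholder.
SAMPLE_CONFIG = f"""<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
  <domain-config cleartextTrafficPermitted="false">
    <domain includeSubdomains="true">api.example.com</domain>
    <pin-set expiration="2030-01-01">
      <pin digest="SHA-256">{constructed_pin(b'constructed-primary-key')}</pin>
      <pin digest="SHA-256">{constructed_pin(b'constructed-backup-key')}</pin>
    </pin-set>
  </domain-config>
</network-security-config>"""

def lint_pinning(xml_text: str, today: date) -> list[str]:
    """Return one finding per pinning problem in each <domain-config>."""
    findings = []
    root = ET.fromstring(xml_text.encode("utf-8"))
    for cfg in root.iter("domain-config"):
        names = ", ".join((d.text or "").strip() for d in cfg.findall("domain")) or "?"
        pin_set = cfg.find("pin-set")
        if pin_set is None:
            findings.append(f"{names}: no <pin-set>, connections are not pinned")
            continue
        exp = pin_set.get("expiration")
        # On and after the expiration date Android stops enforcing the pins.
        if exp and date.fromisoformat(exp) <= today:
            findings.append(f"{names}: pin-set expired {exp}, pinning no longer enforced")
        valid = set()
        for pin in pin_set.findall("pin"):
            value = (pin.text or "").strip()
            try:  # a SHA-256 pin must decode to exactly 32 bytes
                ok = len(base64.b64decode(value, validate=True)) == 32
            except ValueError:
                ok = False
            if pin.get("digest") != "SHA-256" or not ok:
                findings.append(f"{names}: malformed pin {value!r}")
            else:
                valid.add(value)
        if len(valid) < 2:
            findings.append(f"{names}: fewer than two distinct pins, no backup key")
    return findings
```

Running it in CI against the shipped config, with `today` set a few months ahead, flags a pin-set that will silently stop being enforced before the next release.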