AndroidPinning

SSL Pinning for WebView?

Open jaxley opened this issue 11 years ago • 3 comments

A common omission in certificate pinning implementations and discussions seems to be coverage for WebView requests. Are there plans to provide a sample WebViewClient implementation that invokes the pinning code to make secure requests so developers will know how to do this securely?

jaxley, Feb 21 '14 19:02

Great question - the only method I've seen is implementing shouldInterceptRequest and handling the connections through your pinning implementation and passing back data :-/

travismorrow-okta, Oct 17 '14 23:10

I've seen that; however, shouldInterceptRequest is synchronous, and this would force all web requests to be synchronous in order to be able to supply the data in the return value of this method, as far as I can tell. Not sure what the performance implications of that would be for a typical WebView - would there be blocking on the thread? Of course, there is also the caveat that this excludes all older Android OSes (before Honeycomb), although there's good reason to exclude those anyhow.

jaxley, Oct 20 '14 04:10

Also, a way to handle POST requests.

CodinRonin, Mar 23 '15 10:03
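
The approach discussed in this thread, as an added example that is not part of the original issue or the AndroidPinning project's code: a WebViewClient that re-issues https GET loads over an HttpsURLConnection using a pinned SSLSocketFactory. The class name `PinnedWebViewClient`, the injected factory (whatever the app's pinning implementation produces) and the UTF-8 default are assumptions; it uses the API 21 `shouldInterceptRequest` overload, and because `WebResourceRequest` exposes no request body, non-GET requests are refused rather than loaded unpinned.

```java
import android.webkit.WebResourceRequest;
import android.webkit.WebResourceResponse;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.Collections;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical class: serves WebView https GET loads over a pinned connection.
public class PinnedWebViewClient extends WebViewClient {
    private final SSLSocketFactory pinnedFactory; // assumption: from the app's pinning code

    public PinnedWebViewClient(SSLSocketFactory f) { this.pinnedFactory = f; }

    // API 21+ overload; WebView calls it on a thread other than the UI thread.
    @Override
    public WebResourceResponse shouldInterceptRequest(WebView view, WebResourceRequest req) {
        String scheme = req.getUrl().getScheme();
        if (!"https".equalsIgnoreCase(scheme)) {
            // Refuse cleartext http; local schemes (data:, file:) go to WebView as usual.
            return "http".equalsIgnoreCase(scheme) ? blocked() : null;
        }
        // No request body is exposed, so a POST cannot be replayed: fail closed.
        if (!"GET".equalsIgnoreCase(req.getMethod())) return blocked();
        try {
            HttpsURLConnection conn =
                    (HttpsURLConnection) new URL(req.getUrl().toString()).openConnection();
            conn.setSSLSocketFactory(pinnedFactory);
            for (Map.Entry<String, String> h : req.getRequestHeaders().entrySet()) {
                conn.setRequestProperty(h.getKey(), h.getValue());
            }
            InputStream body = conn.getInputStream(); // a pin mismatch throws here
            String type = conn.getContentType();      // e.g. "text/html; charset=utf-8"
            String mime = type == null ? "text/plain" : type.split(";")[0].trim();
            return new WebResourceResponse(mime, "utf-8", body); // assumption: UTF-8 text
        } catch (IOException e) {
            return blocked(); // never fall back to WebView's own unpinned fetch
        }
    }

    private static WebResourceResponse blocked() {
        return new WebResourceResponse("text/plain", "utf-8", 403, "Forbidden",
                Collections.<String, String>emptyMap(), new ByteArrayInputStream(new byte[0]));
    }
}
```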