cordova-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcel Kinard (JIRA)" <>
Subject [jira] [Commented] (CB-6693) Investigate Certificate Pinning for Third-Party WebViews
Date Tue, 20 May 2014 21:54:38 GMT


Marcel Kinard commented on CB-6693:

Although I freely admit it would be a hack and not "true cert pinning", one idea I've been
kicking around for the default webview on Android would be a JS API to "check the server's
cert now". So it would be it-only-gets-checked-at-specific-times instead of checked-on-every-connection.
It might be enough of an approximation to be good enough with disclaimers. It seems a shame
for lack-of-support on Android to prevent us from doing it right on iOS. But yeah, if third-party
webviews have the ability to do it right, it should be done.

> Investigate Certificate Pinning for Third-Party WebViews
> --------------------------------------------------------
>                 Key: CB-6693
>                 URL:
>             Project: Apache Cordova
>          Issue Type: Sub-task
>          Components: Android
>            Reporter: Joe Bowser
>             Fix For: 4.0.0

This message was sent by Atlassian JIRA

View raw message