iOS: httpd trusted_urls are not working for non standard ports

trigger platform used: v2.9.1beta-3

I want to open https://localhost.mytld.com:9360 in the main WKWebView of my app, but the WebView does not (blocks the navigation).

relevant config part:

     "trusted_urls": [
         "https://localhost.mytld.com:9360/*",
         "http://localhost.mytld.com:9360/*",
         "http://*/*",
         "https://*/*"
     ],
     "httpd": {
         "port": 9360,
         "url": "https://localhost:9360/src/index.html",
         "certificate_path": "localhost.p12",
         "certificate_password": ***
     }

Possible reasons:

  • mby trusted_urls don’t work for unprivileged ports
  • mby the server stops when leaving localhost

Why I am trying to do this:

The DNS record of localhost.mytld.com points to 127.0.0.1, so the trigger would run under the same tld as the api needs to talk to. This should make cookies work again under iOS14 with ITP active.

I also noticed that the url parameter in the httpd config seems to ignore the domain specified entirely.

Regardless if I set it to https://127.0.0.1:9360/src/index.html, https://localhost.mytld.com:9360/src/index.html, https://frontend.mytld.com/src/index.html… it always ends up at https://localhost:9360/src/index.html

Two things going on:

  1. When we hardcoded httpd into 2.8.x we also moved the location of the url parameter. It’s now on the same level as trusted_urls. This has caught me out a few times! :sweat_smile:

  2. The pattern matcher for trusted_urls is mindbendingly stupid and doesn’t know about ports.

So something like this should work:

"general": {
    "logging": {
        "level": "DEBUG"
    },
    "reload": true,
    "url": "https://toolkit-local.com:9360/src/index.html",
    "trusted_urls": [
        "https://toolkit-local.com/*"
    ],
    "httpd": {
        "port": 9360,
        "certificate_path": "toolkit-local.com.p12",
        "certificate_password": "changeit"
    }
},

…with a:

<button onclick="window.location.href='https://toolkit-local.com:9360/src/some-page.html';">
    click me!
</button>

Finally I assume you’ve already taken care of the following, but just in case:

The localhost.mytld.com certificate needs to be issued by a certifying authority. The only self-signed certificates forge will ever accept are for 127.0.0.1 or localhost.

Anyone is free to hit me up for a copy of the toolkit-local.com cert :slight_smile:

1 Like

This works. Thanks Antoine.

1 Like