I'm just having a problem with understanding if I can get Apple HTTP live stream working over HTTPS.
I want to establish a https connection between a apache server holding the segmented media files and a ios client, be able to stream content that way. i tried it with and without certificate (including a intermediate in SSLCertificateChainFile) but nothing works. all is fine when i use http, but if I switch to https it doesn't work.
does anybody have a running linx configuration for that?
Related
I am trying to implement an HTTP server inside an iOS app. I could see similar apps in the app store. But in my case, embedded HTTP server has to communicate with external HTTPS Server. So now,
is the communication secured? Or do I need to implement HTTPS server, instead?
Is it possible to implement an HTTPS server in iOS app?
Will Apple reject this approach?
Thanks in Advance
I'm assuming that you use the internal HTTP server to provide interceped content for a WKWebView. I this case you web view connects to the HTTP server over HTTP and this connection is insecure. But generally this shouldn't be an issue because nobody can intercept the connection. You HTTP server connects to the internet over HTTPS, and this should be done because this connection could be compromised.
Don't be confused about the different protocols. If you call a HTTPS-URL NSURLSession will use HTTPS and use a secured connection. There is no pitfall or issue. You needn't to support HTTPS for the web view to server connection. This will give you not more notable security.
I use a similar setup in my application and it works perfectly.
BTW: In iOS 11 you may use WKURLSchemeHandler to intercept web view requests. This should be much easier than a local HTTP server. The disadvantage is, that you have to define a custom protocol (e.g. xhttp instead of http), and rewrite the URLs in the web content. But this should be much easier to achieve than a local HTTP server.
I am working on some app which as API call. while i add proxy in mobile and see response in web debugging tools. I can see my api call parameters and response too.
while in others app I cant see this things and it is secured.
how can i acheive this?
Pictures said your API is using non-secure HTTP protocol while others app using HTTPS. The Web API should be performed via HTTPS protocol. HTTPS using SSL/TLS as secure transport layer, it means all data are encrypted before they're online. So, we don't care about any kinds of proxy
Below snapshot has 2 wkwebviews in the iOS app.
Upper part - wkvebview1: loads html page from locally hosted secure CocoaHTTPServer on port 51092.
Lower part - wkvebview2: loads http url from locally hosted CocoaHTTPServer instance on port 51091.
Images loads fine in both wkwebviews. Not able to load video with secure webserver.
Is there any known limitation for wkWebview in iOS10 for video using secure webserver?
Sample iPhoneHttpServer Github link
SSL/TLS security requires a certificate that's valid for your server's hostname; by default, a WebView will not load content from a TLS server that cannot present a valid certificate. This makes secure mode for the HttpServer class essentially useless, as iPhones do not have stable public hostnames, and it is impossible to obtain a valid certificate for localhost.
In any case, enabling secure mode on a server running locally is hardly necessary; traffic to that server is local to the device, and cannot be intercepted.
Say I configured my NGINX server with SSL and
I am able to establish and keep a server sent events connection
to my Rails server.
Would every message from thereon from Rails to my browser be
undecipherable to any prying eyes on the Internet.
Moreover would I be even able to establish such a connection? Since all I hear is that SSE works over http.
Yes.
Be aware that connecting from an http html page to an https SSE URL counts as a different origin, meaning you will hit CORS restrictions.
According to a footnote in my book (Data Push Apps With HTML5 SSE) Chrome was not accepting self-signed SSL certificates for use with SSE, as of early 2014. (But it was also not accepting them for XMLHttpRequest, i.e. ajax, either.) (A quick search shows people still posting bug reports about self-signed certificates not working, so this might still be the case.)
I am trying to write up an HTTP proxy server in node.js, and I have successfully managed to route unsecure HTTP connections through it. But when applications (on my iOS device) use HTTPS for APIs 'n such, it always throws an error, and the attempted HTTPS connection never hits the server. So there are a few explanations of what could possibly be happening:
iOS chooses not to send HTTPS connections over the proxy for security reasons
iOS is looking for an HTTPS connection at the server on a different port, but can't find one
Basically what I am asking is: What does iOS do with HTTPS connections when an HTTP proxy is configured?
Please ask for any details or further questions in the comments. Thanks.