Hello Cordova team

[Julien Lamure <ju...@nexjhealth.com>]

Hello everyone,

I'm senior DevOps engineer and team lead at NexJ Health, greetings from Toronto, Canada.

We're a provider of cloud-based population health management solutions and our platform can also be accessed from a Cordova-based mobile app available for Android and iOS.
I've been recently working on the migration to the WKWebView engine for iOS, and I made a fork of cordova-plugin-wkwebview-engine that adds the ability to accept self-signed certificates.
I'm not an iOS developer, it was the first time I was touching some Objective-C code, but my patch is vastly inspired from what was done in Oracle's cordova-plugin-wkwebview-file-xhr.
We needed this feature because our developers test our mobile app along with a server instance hosted on there workstation, and this local instance uses self-signed certificates.

I was thinking of creating a pull request on the official cordova-plugin-wkwebview-engine to share this feature with the community since I could see a lot of people asking how to do it, please let me know if it's something that you would like me to do so.
Our fork is currently in one of our private repositories.

Cheers
Julien

RE: Hello Cordova team

[Julien Lamure <ju...@nexjhealth.com>]

Hi everyone,

@Brian: Thanks for the info, I'll upgrade it then.

@Chris: I'll create the PR on cordova-plugin-wkwebview-engine today since it's the one I originally modified and tested, then I'll try to do the same with cordova-ios@6 once our project will be upgraded to use this version.

Thank you
Julien

-----Original Message-----
From: Bryan Ellis <er...@apache.org> 
Sent: December 22, 2020 11:09 PM
To: dev@cordova.apache.org
Subject: Re: Hello Cordova team

CAUTION: This email came from outside NexJ. Do not click links or open attachments unless you recognize the sender and know the contents are safe.

Hi Julian,

I read that your using Monaca and building with cordova-ios@5.1.1 and also said that it is "the most recent version they give us access to for the moment."

Monaca has reported that Cordova CLI 10.x and Cordova-iOS 6.x support was implemented & released on November 19th.

If you do not see Cordova-iOS 6.x as a platform option, then the project's Cordova CLI version is not up-to-date. First, upgrade the project's CLI version before you can select the new iOS version.




> On Dec 23, 2020, at 2:13, Chris Brody <ch...@gmail.com> wrote:
>
> Hi Julian I would recommend you consider announcing and sharing 
> whatever you have, in case it may help others or receive any contributions.
> Thanks!
>
>
> On Tue, Dec 22, 2020 at 11:28 AM Julien Lamure 
> <ju...@nexjhealth.com>
> wrote:
>
>> Hi Mathias,
>>
>> With this feature, we don't need to do anything on the device to be 
>> able to access web resources hosted on a server that uses self-signed 
>> certificates.
>> As I said in a previous message, making the device accept or not 
>> untrusted certificates is controlled by a preference in the 
>> config.xml file. Then, the corresponding Objective-C code controlled 
>> by the preference intercepts the HTTPS request right when iOS 
>> evaluates the certificate and dynamically adds an exception so that all certificates get accepted.
>> We configure this preference at build time so that our development 
>> versions can accept the self-signed certificates used by our 
>> developers local VMs, and it's disabled for our production builds.
>> It's basically working the same way as this Oracle plugin:
>> https://github.com/oracle/cordova-plugin-wkwebview-file-xhr#configura
>> tion However, when I tried to use the Oracle plugin for our app, I 
>> never managed to make it work properly, so I ended up adding the same 
>> mechanics to cordova-plugin-wkwebview-engine so that it could accept 
>> all certificates as well.
>>
>> Cheers,
>> Julien
>>
>> -----Original Message-----
>> From: Scheffe, Mathias <ma...@accenture.com.INVALID>
>> Sent: December 22, 2020 1:47 AM
>> To: dev@cordova.apache.org
>> Subject: Re: Hello Cordova team
>>
>> CAUTION: This email came from outside NexJ. Do not click links or 
>> open attachments unless you recognize the sender and know the contents are safe.
>>
>> Hi,
>>
>> @Julien: Can you detail your feature a bit more?
>> We are also using self-signed certificates for testing. We are 
>> working with the Cordova standard and install our self-signed 
>> certificate on the testing iOS devices as trusted root certificate. 
>> Then everything works out of the box. Which additional features does your extension bring?
>>
>> Kind regards,
>> Mathias
>>
>> From: Julien Lamure <ju...@nexjhealth.com>
>> Date: Saturday, 19. December 2020 at 00:21
>> To: dev@cordova.apache.org <de...@cordova.apache.org>
>> Subject: [External] RE: Hello Cordova team This message is from an 
>> EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments.
>>
>> Hi Norman,
>>
>> You're right, it would totally make sense to have this directly built 
>> in cordova-ios@6.
>> I had to add this feature to cordova-plugin-wkwebview-engine because 
>> we're using Monaca to build our app and cordova-ios@5.1.1 is the most 
>> recent version they give us access to for the moment.
>> And I totally agree that allowing self-signed certificates is a big 
>> no-go for release builds, our automated build processes make sure 
>> it's only available for developer builds (accepting or refusing 
>> self-signed certificates is controlled by a preference in the config.xml file).
>> I'm going to see if I can figure out how to incorporate it into
>> cordova-ios@6 then, but maybe I can still also create the pull 
>> request for cordova-plugin-wkwebview-engine so that other Monaca 
>> customers like us can use it while waiting for getting access to cordova-ios@6.
>>
>> Cheers,
>> Julien
>>
>> -----Original Message-----
>> From: Norman Breau <no...@nbsolutions.ca>
>> Sent: December 18, 2020 5:49 PM
>> To: dev@cordova.apache.org
>> Cc: dev@cordova.apache.org
>> Subject: Re: Hello Cordova team
>>
>> CAUTION: This email came from outside NexJ. Do not click links or 
>> open attachments unless you recognize the sender and know the contents are safe.
>>
>> Hi Julien,
>>
>> Ability to accept self-signed certificates for development builds 
>> sounds like a neat enhancement and I personally would give my thumbs 
>> up for this kind of feature. I would be hesitant to allow self-signed 
>> certificates for release builds. I'm wondering if this could be 
>> adapted to either an independent plugin or be incorporated into 
>> cordova-ios package. The cordova-plugin-wkwebview-engine package 
>> while not officially declared deprecated... will become obsolete soon 
>> given that it's only supported for cordova-ios <= 5.x. It's pending a 
>> formal vote and I think one last release for official deprecation. As 
>> of
>> cordova-ios@6 WKWebView is built into the core platform and UIWebView 
>> is physically removed from the codebase.
>>
>> So if this could be adapted to support cordova-ios@6, I think that 
>> would be better in the long term.
>> Kind regards,
>> Norman
>> On Dec 18 2020, at 6:21 pm, Julien Lamure 
>> <ju...@nexjhealth.com>
>> wrote:
>>> Hello everyone,
>>>
>>> I'm senior DevOps engineer and team lead at NexJ Health, greetings 
>>> from
>> Toronto, Canada.
>>> We're a provider of cloud-based population health management 
>>> solutions
>> and our platform can also be accessed from a Cordova-based mobile app 
>> available for Android and iOS.
>>> I've been recently working on the migration to the WKWebView engine 
>>> for
>> iOS, and I made a fork of cordova-plugin-wkwebview-engine that adds 
>> the ability to accept self-signed certificates.
>>> I'm not an iOS developer, it was the first time I was touching some
>> Objective-C code, but my patch is vastly inspired from what was done 
>> in Oracle's cordova-plugin-wkwebview-file-xhr.
>>> We needed this feature because our developers test our mobile app 
>>> along
>> with a server instance hosted on there workstation, and this local 
>> instance uses self-signed certificates.
>>>
>>> I was thinking of creating a pull request on the official
>> cordova-plugin-wkwebview-engine to share this feature with the 
>> community since I could see a lot of people asking how to do it, 
>> please let me know if it's something that you would like me to do so.
>>> Our fork is currently in one of our private repositories.
>>>
>>> Cheers
>>> Julien
>>>
>>
>> ________________________________
>>
>> This message is for the designated recipient only and may contain 
>> privileged, proprietary, or otherwise confidential information. If 
>> you have received it in error, please notify the sender immediately 
>> and delete the original. Any other use of the e-mail by you is 
>> prohibited. Where allowed by local law, electronic communications 
>> with Accenture and its affiliates, including e-mail and instant 
>> messaging (including content), may be scanned by our systems for the 
>> purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us.
>> Accenture uses your personal data only in compliance with data 
>> protection laws. For further information on how Accenture processes 
>> your personal data, please see our privacy statement at 
>> https://www.accenture.com/us-en/privacy-policy.
>>
>> _____________________________________________________________________
>> _________________
>>
>> www.accenture.com
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
>> For additional commands, e-mail: dev-help@cordova.apache.org
>>
>>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
For additional commands, e-mail: dev-help@cordova.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
For additional commands, e-mail: dev-help@cordova.apache.org

Re: Hello Cordova team

[Bryan Ellis <er...@apache.org>]

Hi Julian,

I read that your using Monaca and building with cordova-ios@5.1.1 and also said that it is "the most recent version they give us access to for the moment."

Monaca has reported that Cordova CLI 10.x and Cordova-iOS 6.x support was implemented & released on November 19th.

If you do not see Cordova-iOS 6.x as a platform option, then the project's Cordova CLI version is not up-to-date. First, upgrade the project's CLI version before you can select the new iOS version.




> On Dec 23, 2020, at 2:13, Chris Brody <ch...@gmail.com> wrote:
> 
> Hi Julian I would recommend you consider announcing and sharing
> whatever you have, in case it may help others or receive any contributions.
> Thanks!
> 
> 
> On Tue, Dec 22, 2020 at 11:28 AM Julien Lamure <ju...@nexjhealth.com>
> wrote:
> 
>> Hi Mathias,
>> 
>> With this feature, we don't need to do anything on the device to be able
>> to access web resources hosted on a server that uses self-signed
>> certificates.
>> As I said in a previous message, making the device accept or not untrusted
>> certificates is controlled by a preference in the config.xml file. Then,
>> the corresponding Objective-C code controlled by the preference intercepts
>> the HTTPS request right when iOS evaluates the certificate and dynamically
>> adds an exception so that all certificates get accepted.
>> We configure this preference at build time so that our development
>> versions can accept the self-signed certificates used by our developers
>> local VMs, and it's disabled for our production builds.
>> It's basically working the same way as this Oracle plugin:
>> https://github.com/oracle/cordova-plugin-wkwebview-file-xhr#configuration
>> However, when I tried to use the Oracle plugin for our app, I never
>> managed to make it work properly, so I ended up adding the same mechanics
>> to cordova-plugin-wkwebview-engine so that it could accept all certificates
>> as well.
>> 
>> Cheers,
>> Julien
>> 
>> -----Original Message-----
>> From: Scheffe, Mathias <ma...@accenture.com.INVALID>
>> Sent: December 22, 2020 1:47 AM
>> To: dev@cordova.apache.org
>> Subject: Re: Hello Cordova team
>> 
>> CAUTION: This email came from outside NexJ. Do not click links or open
>> attachments unless you recognize the sender and know the contents are safe.
>> 
>> Hi,
>> 
>> @Julien: Can you detail your feature a bit more?
>> We are also using self-signed certificates for testing. We are working
>> with the Cordova standard and install our self-signed certificate on the
>> testing iOS devices as trusted root certificate. Then everything works out
>> of the box. Which additional features does your extension bring?
>> 
>> Kind regards,
>> Mathias
>> 
>> From: Julien Lamure <ju...@nexjhealth.com>
>> Date: Saturday, 19. December 2020 at 00:21
>> To: dev@cordova.apache.org <de...@cordova.apache.org>
>> Subject: [External] RE: Hello Cordova team This message is from an
>> EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments.
>> 
>> Hi Norman,
>> 
>> You're right, it would totally make sense to have this directly built in
>> cordova-ios@6.
>> I had to add this feature to cordova-plugin-wkwebview-engine because we're
>> using Monaca to build our app and cordova-ios@5.1.1 is the most recent
>> version they give us access to for the moment.
>> And I totally agree that allowing self-signed certificates is a big no-go
>> for release builds, our automated build processes make sure it's only
>> available for developer builds (accepting or refusing self-signed
>> certificates is controlled by a preference in the config.xml file).
>> I'm going to see if I can figure out how to incorporate it into
>> cordova-ios@6 then, but maybe I can still also create the pull request
>> for cordova-plugin-wkwebview-engine so that other Monaca customers like us
>> can use it while waiting for getting access to cordova-ios@6.
>> 
>> Cheers,
>> Julien
>> 
>> -----Original Message-----
>> From: Norman Breau <no...@nbsolutions.ca>
>> Sent: December 18, 2020 5:49 PM
>> To: dev@cordova.apache.org
>> Cc: dev@cordova.apache.org
>> Subject: Re: Hello Cordova team
>> 
>> CAUTION: This email came from outside NexJ. Do not click links or open
>> attachments unless you recognize the sender and know the contents are safe.
>> 
>> Hi Julien,
>> 
>> Ability to accept self-signed certificates for development builds sounds
>> like a neat enhancement and I personally would give my thumbs up for this
>> kind of feature. I would be hesitant to allow self-signed certificates for
>> release builds. I'm wondering if this could be adapted to either an
>> independent plugin or be incorporated into cordova-ios package. The
>> cordova-plugin-wkwebview-engine package while not officially declared
>> deprecated... will become obsolete soon given that it's only supported for
>> cordova-ios <= 5.x. It's pending a formal vote and I think one last release
>> for official deprecation. As of
>> cordova-ios@6 WKWebView is built into the core platform and UIWebView is
>> physically removed from the codebase.
>> 
>> So if this could be adapted to support cordova-ios@6, I think that would
>> be better in the long term.
>> Kind regards,
>> Norman
>> On Dec 18 2020, at 6:21 pm, Julien Lamure <ju...@nexjhealth.com>
>> wrote:
>>> Hello everyone,
>>> 
>>> I'm senior DevOps engineer and team lead at NexJ Health, greetings from
>> Toronto, Canada.
>>> We're a provider of cloud-based population health management solutions
>> and our platform can also be accessed from a Cordova-based mobile app
>> available for Android and iOS.
>>> I've been recently working on the migration to the WKWebView engine for
>> iOS, and I made a fork of cordova-plugin-wkwebview-engine that adds the
>> ability to accept self-signed certificates.
>>> I'm not an iOS developer, it was the first time I was touching some
>> Objective-C code, but my patch is vastly inspired from what was done in
>> Oracle's cordova-plugin-wkwebview-file-xhr.
>>> We needed this feature because our developers test our mobile app along
>> with a server instance hosted on there workstation, and this local instance
>> uses self-signed certificates.
>>> 
>>> I was thinking of creating a pull request on the official
>> cordova-plugin-wkwebview-engine to share this feature with the community
>> since I could see a lot of people asking how to do it, please let me know
>> if it's something that you would like me to do so.
>>> Our fork is currently in one of our private repositories.
>>> 
>>> Cheers
>>> Julien
>>> 
>> 
>> ________________________________
>> 
>> This message is for the designated recipient only and may contain
>> privileged, proprietary, or otherwise confidential information. If you have
>> received it in error, please notify the sender immediately and delete the
>> original. Any other use of the e-mail by you is prohibited. Where allowed
>> by local law, electronic communications with Accenture and its affiliates,
>> including e-mail and instant messaging (including content), may be scanned
>> by our systems for the purposes of information security and assessment of
>> internal compliance with Accenture policy. Your privacy is important to us.
>> Accenture uses your personal data only in compliance with data protection
>> laws. For further information on how Accenture processes your personal
>> data, please see our privacy statement at
>> https://www.accenture.com/us-en/privacy-policy.
>> 
>> ______________________________________________________________________________________
>> 
>> www.accenture.com
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
>> For additional commands, e-mail: dev-help@cordova.apache.org
>> 
>> 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
For additional commands, e-mail: dev-help@cordova.apache.org

Re: Hello Cordova team

[Chris Brody <ch...@gmail.com>]

Hi Julian I would recommend you consider announcing and sharing
whatever you have, in case it may help others or receive any contributions.
Thanks!


On Tue, Dec 22, 2020 at 11:28 AM Julien Lamure <ju...@nexjhealth.com>
wrote:

> Hi Mathias,
>
> With this feature, we don't need to do anything on the device to be able
> to access web resources hosted on a server that uses self-signed
> certificates.
> As I said in a previous message, making the device accept or not untrusted
> certificates is controlled by a preference in the config.xml file. Then,
> the corresponding Objective-C code controlled by the preference intercepts
> the HTTPS request right when iOS evaluates the certificate and dynamically
> adds an exception so that all certificates get accepted.
> We configure this preference at build time so that our development
> versions can accept the self-signed certificates used by our developers
> local VMs, and it's disabled for our production builds.
> It's basically working the same way as this Oracle plugin:
> https://github.com/oracle/cordova-plugin-wkwebview-file-xhr#configuration
> However, when I tried to use the Oracle plugin for our app, I never
> managed to make it work properly, so I ended up adding the same mechanics
> to cordova-plugin-wkwebview-engine so that it could accept all certificates
> as well.
>
> Cheers,
> Julien
>
> -----Original Message-----
> From: Scheffe, Mathias <ma...@accenture.com.INVALID>
> Sent: December 22, 2020 1:47 AM
> To: dev@cordova.apache.org
> Subject: Re: Hello Cordova team
>
> CAUTION: This email came from outside NexJ. Do not click links or open
> attachments unless you recognize the sender and know the contents are safe.
>
> Hi,
>
> @Julien: Can you detail your feature a bit more?
> We are also using self-signed certificates for testing. We are working
> with the Cordova standard and install our self-signed certificate on the
> testing iOS devices as trusted root certificate. Then everything works out
> of the box. Which additional features does your extension bring?
>
> Kind regards,
> Mathias
>
> From: Julien Lamure <ju...@nexjhealth.com>
> Date: Saturday, 19. December 2020 at 00:21
> To: dev@cordova.apache.org <de...@cordova.apache.org>
> Subject: [External] RE: Hello Cordova team This message is from an
> EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments.
>
> Hi Norman,
>
> You're right, it would totally make sense to have this directly built in
> cordova-ios@6.
> I had to add this feature to cordova-plugin-wkwebview-engine because we're
> using Monaca to build our app and cordova-ios@5.1.1 is the most recent
> version they give us access to for the moment.
> And I totally agree that allowing self-signed certificates is a big no-go
> for release builds, our automated build processes make sure it's only
> available for developer builds (accepting or refusing self-signed
> certificates is controlled by a preference in the config.xml file).
> I'm going to see if I can figure out how to incorporate it into
> cordova-ios@6 then, but maybe I can still also create the pull request
> for cordova-plugin-wkwebview-engine so that other Monaca customers like us
> can use it while waiting for getting access to cordova-ios@6.
>
> Cheers,
> Julien
>
> -----Original Message-----
> From: Norman Breau <no...@nbsolutions.ca>
> Sent: December 18, 2020 5:49 PM
> To: dev@cordova.apache.org
> Cc: dev@cordova.apache.org
> Subject: Re: Hello Cordova team
>
> CAUTION: This email came from outside NexJ. Do not click links or open
> attachments unless you recognize the sender and know the contents are safe.
>
> Hi Julien,
>
> Ability to accept self-signed certificates for development builds sounds
> like a neat enhancement and I personally would give my thumbs up for this
> kind of feature. I would be hesitant to allow self-signed certificates for
> release builds. I'm wondering if this could be adapted to either an
> independent plugin or be incorporated into cordova-ios package. The
> cordova-plugin-wkwebview-engine package while not officially declared
> deprecated... will become obsolete soon given that it's only supported for
> cordova-ios <= 5.x. It's pending a formal vote and I think one last release
> for official deprecation. As of
> cordova-ios@6 WKWebView is built into the core platform and UIWebView is
> physically removed from the codebase.
>
> So if this could be adapted to support cordova-ios@6, I think that would
> be better in the long term.
> Kind regards,
> Norman
> On Dec 18 2020, at 6:21 pm, Julien Lamure <ju...@nexjhealth.com>
> wrote:
> > Hello everyone,
> >
> > I'm senior DevOps engineer and team lead at NexJ Health, greetings from
> Toronto, Canada.
> > We're a provider of cloud-based population health management solutions
> and our platform can also be accessed from a Cordova-based mobile app
> available for Android and iOS.
> > I've been recently working on the migration to the WKWebView engine for
> iOS, and I made a fork of cordova-plugin-wkwebview-engine that adds the
> ability to accept self-signed certificates.
> > I'm not an iOS developer, it was the first time I was touching some
> Objective-C code, but my patch is vastly inspired from what was done in
> Oracle's cordova-plugin-wkwebview-file-xhr.
> > We needed this feature because our developers test our mobile app along
> with a server instance hosted on there workstation, and this local instance
> uses self-signed certificates.
> >
> > I was thinking of creating a pull request on the official
> cordova-plugin-wkwebview-engine to share this feature with the community
> since I could see a lot of people asking how to do it, please let me know
> if it's something that you would like me to do so.
> > Our fork is currently in one of our private repositories.
> >
> > Cheers
> > Julien
> >
>
> ________________________________
>
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise confidential information. If you have
> received it in error, please notify the sender immediately and delete the
> original. Any other use of the e-mail by you is prohibited. Where allowed
> by local law, electronic communications with Accenture and its affiliates,
> including e-mail and instant messaging (including content), may be scanned
> by our systems for the purposes of information security and assessment of
> internal compliance with Accenture policy. Your privacy is important to us.
> Accenture uses your personal data only in compliance with data protection
> laws. For further information on how Accenture processes your personal
> data, please see our privacy statement at
> https://www.accenture.com/us-en/privacy-policy.
>
> ______________________________________________________________________________________
>
> www.accenture.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
> For additional commands, e-mail: dev-help@cordova.apache.org
>
>

RE: Hello Cordova team

[Julien Lamure <ju...@nexjhealth.com>]

Hi Mathias,

With this feature, we don't need to do anything on the device to be able to access web resources hosted on a server that uses self-signed certificates.
As I said in a previous message, making the device accept or not untrusted certificates is controlled by a preference in the config.xml file. Then, the corresponding Objective-C code controlled by the preference intercepts the HTTPS request right when iOS evaluates the certificate and dynamically adds an exception so that all certificates get accepted.
We configure this preference at build time so that our development versions can accept the self-signed certificates used by our developers local VMs, and it's disabled for our production builds.
It's basically working the same way as this Oracle plugin: https://github.com/oracle/cordova-plugin-wkwebview-file-xhr#configuration
However, when I tried to use the Oracle plugin for our app, I never managed to make it work properly, so I ended up adding the same mechanics to cordova-plugin-wkwebview-engine so that it could accept all certificates as well.

Cheers,
Julien

-----Original Message-----
From: Scheffe, Mathias <ma...@accenture.com.INVALID> 
Sent: December 22, 2020 1:47 AM
To: dev@cordova.apache.org
Subject: Re: Hello Cordova team

CAUTION: This email came from outside NexJ. Do not click links or open attachments unless you recognize the sender and know the contents are safe.

Hi,

@Julien: Can you detail your feature a bit more?
We are also using self-signed certificates for testing. We are working with the Cordova standard and install our self-signed certificate on the testing iOS devices as trusted root certificate. Then everything works out of the box. Which additional features does your extension bring?

Kind regards,
Mathias

From: Julien Lamure <ju...@nexjhealth.com>
Date: Saturday, 19. December 2020 at 00:21
To: dev@cordova.apache.org <de...@cordova.apache.org>
Subject: [External] RE: Hello Cordova team This message is from an EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments.

Hi Norman,

You're right, it would totally make sense to have this directly built in cordova-ios@6.
I had to add this feature to cordova-plugin-wkwebview-engine because we're using Monaca to build our app and cordova-ios@5.1.1 is the most recent version they give us access to for the moment.
And I totally agree that allowing self-signed certificates is a big no-go for release builds, our automated build processes make sure it's only available for developer builds (accepting or refusing self-signed certificates is controlled by a preference in the config.xml file).
I'm going to see if I can figure out how to incorporate it into cordova-ios@6 then, but maybe I can still also create the pull request for cordova-plugin-wkwebview-engine so that other Monaca customers like us can use it while waiting for getting access to cordova-ios@6.

Cheers,
Julien

-----Original Message-----
From: Norman Breau <no...@nbsolutions.ca>
Sent: December 18, 2020 5:49 PM
To: dev@cordova.apache.org
Cc: dev@cordova.apache.org
Subject: Re: Hello Cordova team

CAUTION: This email came from outside NexJ. Do not click links or open attachments unless you recognize the sender and know the contents are safe.

Hi Julien,

Ability to accept self-signed certificates for development builds sounds like a neat enhancement and I personally would give my thumbs up for this kind of feature. I would be hesitant to allow self-signed certificates for release builds. I'm wondering if this could be adapted to either an independent plugin or be incorporated into cordova-ios package. The cordova-plugin-wkwebview-engine package while not officially declared deprecated... will become obsolete soon given that it's only supported for cordova-ios <= 5.x. It's pending a formal vote and I think one last release for official deprecation. As of
cordova-ios@6 WKWebView is built into the core platform and UIWebView is physically removed from the codebase.

So if this could be adapted to support cordova-ios@6, I think that would be better in the long term.
Kind regards,
Norman
On Dec 18 2020, at 6:21 pm, Julien Lamure <ju...@nexjhealth.com> wrote:
> Hello everyone,
>
> I'm senior DevOps engineer and team lead at NexJ Health, greetings from Toronto, Canada.
> We're a provider of cloud-based population health management solutions and our platform can also be accessed from a Cordova-based mobile app available for Android and iOS.
> I've been recently working on the migration to the WKWebView engine for iOS, and I made a fork of cordova-plugin-wkwebview-engine that adds the ability to accept self-signed certificates.
> I'm not an iOS developer, it was the first time I was touching some Objective-C code, but my patch is vastly inspired from what was done in Oracle's cordova-plugin-wkwebview-file-xhr.
> We needed this feature because our developers test our mobile app along with a server instance hosted on there workstation, and this local instance uses self-signed certificates.
>
> I was thinking of creating a pull request on the official cordova-plugin-wkwebview-engine to share this feature with the community since I could see a lot of people asking how to do it, please let me know if it's something that you would like me to do so.
> Our fork is currently in one of our private repositories.
>
> Cheers
> Julien
>

________________________________

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy.
______________________________________________________________________________________

www.accenture.com

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
For additional commands, e-mail: dev-help@cordova.apache.org

Re: Hello Cordova team

["Scheffe, Mathias" <ma...@accenture.com.INVALID>]

Hi,

@Julien: Can you detail your feature a bit more?
We are also using self-signed certificates for testing. We are working with the Cordova standard and install our self-signed certificate on the testing iOS devices as trusted root certificate. Then everything works out of the box. Which additional features does your extension bring?

Kind regards,
Mathias

From: Julien Lamure <ju...@nexjhealth.com>
Date: Saturday, 19. December 2020 at 00:21
To: dev@cordova.apache.org <de...@cordova.apache.org>
Subject: [External] RE: Hello Cordova team
This message is from an EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments.

Hi Norman,

You're right, it would totally make sense to have this directly built in cordova-ios@6.
I had to add this feature to cordova-plugin-wkwebview-engine because we're using Monaca to build our app and cordova-ios@5.1.1 is the most recent version they give us access to for the moment.
And I totally agree that allowing self-signed certificates is a big no-go for release builds, our automated build processes make sure it's only available for developer builds (accepting or refusing self-signed certificates is controlled by a preference in the config.xml file).
I'm going to see if I can figure out how to incorporate it into cordova-ios@6 then, but maybe I can still also create the pull request for cordova-plugin-wkwebview-engine so that other Monaca customers like us can use it while waiting for getting access to cordova-ios@6.

Cheers,
Julien

-----Original Message-----
From: Norman Breau <no...@nbsolutions.ca>
Sent: December 18, 2020 5:49 PM
To: dev@cordova.apache.org
Cc: dev@cordova.apache.org
Subject: Re: Hello Cordova team

CAUTION: This email came from outside NexJ. Do not click links or open attachments unless you recognize the sender and know the contents are safe.

Hi Julien,

Ability to accept self-signed certificates for development builds sounds like a neat enhancement and I personally would give my thumbs up for this kind of feature. I would be hesitant to allow self-signed certificates for release builds. I'm wondering if this could be adapted to either an independent plugin or be incorporated into cordova-ios package. The cordova-plugin-wkwebview-engine package while not officially declared deprecated... will become obsolete soon given that it's only supported for cordova-ios <= 5.x. It's pending a formal vote and I think one last release for official deprecation. As of
cordova-ios@6 WKWebView is built into the core platform and UIWebView is physically removed from the codebase.

So if this could be adapted to support cordova-ios@6, I think that would be better in the long term.
Kind regards,
Norman
On Dec 18 2020, at 6:21 pm, Julien Lamure <ju...@nexjhealth.com> wrote:
> Hello everyone,
>
> I'm senior DevOps engineer and team lead at NexJ Health, greetings from Toronto, Canada.
> We're a provider of cloud-based population health management solutions and our platform can also be accessed from a Cordova-based mobile app available for Android and iOS.
> I've been recently working on the migration to the WKWebView engine for iOS, and I made a fork of cordova-plugin-wkwebview-engine that adds the ability to accept self-signed certificates.
> I'm not an iOS developer, it was the first time I was touching some Objective-C code, but my patch is vastly inspired from what was done in Oracle's cordova-plugin-wkwebview-file-xhr.
> We needed this feature because our developers test our mobile app along with a server instance hosted on there workstation, and this local instance uses self-signed certificates.
>
> I was thinking of creating a pull request on the official cordova-plugin-wkwebview-engine to share this feature with the community since I could see a lot of people asking how to do it, please let me know if it's something that you would like me to do so.
> Our fork is currently in one of our private repositories.
>
> Cheers
> Julien
>

________________________________

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy.
______________________________________________________________________________________

www.accenture.com

RE: Hello Cordova team

[Julien Lamure <ju...@nexjhealth.com>]

Hi Norman,

You're right, it would totally make sense to have this directly built in cordova-ios@6. 
I had to add this feature to cordova-plugin-wkwebview-engine because we're using Monaca to build our app and cordova-ios@5.1.1 is the most recent version they give us access to for the moment.
And I totally agree that allowing self-signed certificates is a big no-go for release builds, our automated build processes make sure it's only available for developer builds (accepting or refusing self-signed certificates is controlled by a preference in the config.xml file).
I'm going to see if I can figure out how to incorporate it into cordova-ios@6 then, but maybe I can still also create the pull request for cordova-plugin-wkwebview-engine so that other Monaca customers like us can use it while waiting for getting access to cordova-ios@6.

Cheers,
Julien

-----Original Message-----
From: Norman Breau <no...@nbsolutions.ca> 
Sent: December 18, 2020 5:49 PM
To: dev@cordova.apache.org
Cc: dev@cordova.apache.org
Subject: Re: Hello Cordova team

CAUTION: This email came from outside NexJ. Do not click links or open attachments unless you recognize the sender and know the contents are safe.

Hi Julien,

Ability to accept self-signed certificates for development builds sounds like a neat enhancement and I personally would give my thumbs up for this kind of feature. I would be hesitant to allow self-signed certificates for release builds. I'm wondering if this could be adapted to either an independent plugin or be incorporated into cordova-ios package. The cordova-plugin-wkwebview-engine package while not officially declared deprecated... will become obsolete soon given that it's only supported for cordova-ios <= 5.x. It's pending a formal vote and I think one last release for official deprecation. As of
cordova-ios@6 WKWebView is built into the core platform and UIWebView is physically removed from the codebase.

So if this could be adapted to support cordova-ios@6, I think that would be better in the long term.
Kind regards,
Norman
On Dec 18 2020, at 6:21 pm, Julien Lamure <ju...@nexjhealth.com> wrote:
> Hello everyone,
>
> I'm senior DevOps engineer and team lead at NexJ Health, greetings from Toronto, Canada.
> We're a provider of cloud-based population health management solutions and our platform can also be accessed from a Cordova-based mobile app available for Android and iOS.
> I've been recently working on the migration to the WKWebView engine for iOS, and I made a fork of cordova-plugin-wkwebview-engine that adds the ability to accept self-signed certificates.
> I'm not an iOS developer, it was the first time I was touching some Objective-C code, but my patch is vastly inspired from what was done in Oracle's cordova-plugin-wkwebview-file-xhr.
> We needed this feature because our developers test our mobile app along with a server instance hosted on there workstation, and this local instance uses self-signed certificates.
>
> I was thinking of creating a pull request on the official cordova-plugin-wkwebview-engine to share this feature with the community since I could see a lot of people asking how to do it, please let me know if it's something that you would like me to do so.
> Our fork is currently in one of our private repositories.
>
> Cheers
> Julien
>

Re: Hello Cordova team

[Norman Breau <no...@nbsolutions.ca>]

Hi Julien,

Ability to accept self-signed certificates for development builds sounds like a neat enhancement and I personally would give my thumbs up for this kind of feature. I would be hesitant to allow self-signed certificates for release builds. I'm wondering if this could be adapted to either an independent plugin or be incorporated into cordova-ios package. The cordova-plugin-wkwebview-engine package while not officially declared deprecated... will become obsolete soon given that it's only supported for cordova-ios <= 5.x. It's pending a formal vote and I think one last release for official deprecation. As of
cordova-ios@6 WKWebView is built into the core platform and UIWebView is physically removed from the codebase.

So if this could be adapted to support cordova-ios@6, I think that would be better in the long term.
Kind regards,
Norman
On Dec 18 2020, at 6:21 pm, Julien Lamure <ju...@nexjhealth.com> wrote:
> Hello everyone,
>
> I'm senior DevOps engineer and team lead at NexJ Health, greetings from Toronto, Canada.
> We're a provider of cloud-based population health management solutions and our platform can also be accessed from a Cordova-based mobile app available for Android and iOS.
> I've been recently working on the migration to the WKWebView engine for iOS, and I made a fork of cordova-plugin-wkwebview-engine that adds the ability to accept self-signed certificates.
> I'm not an iOS developer, it was the first time I was touching some Objective-C code, but my patch is vastly inspired from what was done in Oracle's cordova-plugin-wkwebview-file-xhr.
> We needed this feature because our developers test our mobile app along with a server instance hosted on there workstation, and this local instance uses self-signed certificates.
>
> I was thinking of creating a pull request on the official cordova-plugin-wkwebview-engine to share this feature with the community since I could see a lot of people asking how to do it, please let me know if it's something that you would like me to do so.
> Our fork is currently in one of our private repositories.
>
> Cheers
> Julien
>