[Webkit-unassigned] [Bug 227175] New: FR: Dynamic use of app-bound domains
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Jun 19 02:32:37 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=227175
Bug ID: 227175
Summary: FR: Dynamic use of app-bound domains
Product: WebKit
Version: Other
Hardware: iPhone / iPad
OS: iOS 14
Status: NEW
Severity: Normal
Priority: P2
Component: New Bugs
Assignee: webkit-unassigned at lists.webkit.org
Reporter: niklasmerz at apache.org
Recently I had a great chat at a WWDC WebKit lab about app-bound domains and our special use case.
I have an app where the user enters the domain/URL to a server the app should connect to. The server could be a dedicated backend server installed at the customers site. The employees of the customer download the app from the App Store and enter the URL given to them by their administrators. The app now connects only to this particular server.
I now want to use app-bound domains for this use case, too. Right now I can set up to 10 app-bound at build time. This does not help for my kind of app because the domains need to be set at runtime and some apps, like enterprise apps with on-premise servers, might not know them at this point.
What if WebKit would offer an API (possibly with a system prompt, setting etc.) to set an app-bound domain as soon the app gets the domain it needs to connect to by the user? Having this one domain the app connects to exclusively as an app-bound domain would offer benefits, like no ITP issues, security measures etc.
I really like the idea of a "trusted domain" which get's more freedom for WKWebView apps and offers privacy and security for users. The app should only connect to the domain given by the user.
Apps that are not web browser but use WKWebView to display content from local web files (Cordova, Capacitor etc.) have many stumbling blocks because of weird CORS and ITP behaviors right now. For these apps slightly less strict CORS restrictions with custom schemes could possibly help many developers, too.
I would love to talk more about this and discuss ideas to make lives easier for developers using WebKit in apps like this.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210619/28eeb627/attachment.htm>
More information about the webkit-unassigned
mailing list