[Webkit-unassigned] [Bug 279249] REGRESSION (iOS 18): Loading is blocked when trying to load localhost content from HTTPS website

Tue Sep 10 23:18:14 PDT 2024

https://bugs.webkit.org/show_bug.cgi?id=279249

--- Comment #7 from Kento Kataoka <kento.kataoka at optim.co.jp> ---
This problem is occurring on our service's website. Here is a description of how the website functions and works.

We are classified as an IdP. We provide the following “Device Authentication Service”. :

1. User company administrator configures the application provided by us for each device

2. User company administrator hands over the device to User company staff

3. User company staff tries to log in to a third party service (browser or third party app). :

   1. We are an IdP, and the third party service redirects to our website.

   2. On the login screen of our website, we must confirm that the device is one that User company administrator has authorized staff to log in.

   3. The application provided by us starts serving a local HTTP server.

   4. The login screen attempt to access the local HTTP server provided in the previous step by using <img> tag. The success of this request is exactly the proof that the user company administrator authorize user to login. 

   - Note: This step is currently broken by this issue.

This issue is critical because our service is publicly offered.

Also, we have confirmed that this issue only occurs on macOS 15 and not on iOS 18.

This issue may be related to this issue: bug 272461

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20240911/7afec214/attachment.htm>