I recently replaced
UIWebview for a
WKWebview in my hybrid app. I use a custom form to load images from the original part of the app as recommended by Apple here:
I upload the images from a url that looks like
mycustomscheme: //? path = somepath
I've added the Content-Security-Policy header to allow the mixed content and it looks like this (irrelevant parts were removed):
Content Security Policy: standard src & # 39; self & # 39; www.myurl.com; img-src & # 39; self & # 39; mycustomscheme :; script src & # 39; self & # 39; & # 39; unsafe-inline & # 39; & # 39; uncertain-eval & # 39 ;; report-uri https://www.myreporturl.com/
This works for most devices and allows the request for
mycustomscheme to go through, and reports to
myreporturl if something was blocked. However, on some devices, the custom queries are blocked with this error:
[Warning] [blocked] The page at https://www.myurl.com was not allowed to display insecure content from mycustomscheme: //? Path = somepath and no report is sent to
myreporturl ] as if the header was not loaded at all.
I have confirmed that the header is actually sent and that the problematic devices are running the latest iOS (1
Any advice on how to prevent my custom requests from being blocked will be appreciated!