I'm loading a URLRequest on a WKWebView with a custom header which contains our OAuth token. The request would be redirected to a third-party URL, with the OAuth token from our end. Should we consider this as a leaked header?
Tharindu Ketipearachchi

DesperateLearner
1 Answer
The header containing the OAuth token will only be sent on the initial request, not on any subsequent requests or redirects.
This is both a feature and a limitation of WKWebView.
I would recommend verifying this by using a proxy (configured to support SSL proxying) e.g. Charles Proxy, to capture and review all requests and headers.

Andrew Ebling
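A loopback alternative to the proxy check suggested in the answer, as an added example that is not part of the original post: two local servers stand in for the first-party and third-party hosts and record whether the token header reaches the redirect target. The header name `X-Example-Token`, the token value and the `urllib` stand-in client are assumptions; `urllib` is used only because it re-sends request headers when it follows a redirect, so the harness has a positive case to detect.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

HEADER = "X-Example-Token"  # assumed header name; use the one your app sets

def make_server(name, log, redirect_to=None):
    """Start a loopback server that records the value of HEADER on each hit."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            log.append((name, self.path, self.headers.get(HEADER)))
            body = b"" if redirect_to else b"ok"
            self.send_response(302 if redirect_to else 200)
            if redirect_to:
                self.send_header("Location", redirect_to)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):  # keep stderr quiet
            pass
    server = ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def run_check(send_request):
    """Send one request through first-party -> third-party; return the hop log."""
    log = []
    third = make_server("third-party", log)
    first = make_server("first-party", log,
                        f"http://127.0.0.1:{third.server_port}/landing")
    try:
        send_request(f"http://127.0.0.1:{first.server_port}/start")
    finally:
        for s in (first, third):
            s.shutdown()
            s.server_close()
    return log

def leaked(log):
    """True if the token header arrived at the redirect target."""
    return any(n == "third-party" and v is not None for n, _, v in log)

def urllib_client(url):
    # Stand-in client (not WKWebView); token value is constructed sample data.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    req = urllib.request.Request(url, headers={HEADER: "constructed-token-123"})
    opener.open(req, timeout=5).read()

if __name__ == "__main__":
    print("header reached third party:", leaked(run_check(urllib_client)))
```

To test the app itself, pass a `send_request` callable that blocks while the WKWebView loads the start URL with the header set, then inspect the returned log.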