navigator.sendBeacon TLS fails in WKWebView iOS > 11.3
| Originator: | ori | ||
| Number: | rdar://41007379 | Date Originated: | June 11 2018 |
| Status: | Resolved: | ||
| Product: | WKWebView | Product Version: | 11.4 |
| Classification: | Reproducible: | always |
Summary:
In iOS WKWebView > 11.3
navigator.sendBeacon to HTTPS (TLS) fails with "Failed HTTP authentication" error in console. Network request is cancelled.
Technical hints:
1. The connection seems to break from the client side after a complete TLS handshake was performed. The server sends an "Encrypted Handshake Message" and the client responds with [FIN, ACK] and closes.
2. If the page provides a "preconnect" hint prior to the sendBeacon call (thus, preparing a valid TLS session beforehand) - the sendBeacon call succeeds!
example:
<link href='https://mytestserver.com/bug' rel='preconnect' crossorigin />
Steps to Reproduce:
1. Have a simple HTTPS CORS server that accepts POST to some url (/bug)
2. From an HTTPS simple HTML page, have inline javascript that POSTs to that url.
2a. once with XHR (will succeed) like:
var xmlhttp = new XMLHttpRequest(); // new HttpRequest instance
xmlhttp.open("POST", "https://mytestserver.com/bug");
xmlhttp.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
xmlhttp.send(JSON.stringify({"a":"b"}));
2b. with navigator.sendBeacon('https://mytestserver.com/bug', '');
Expected Results:
both 2a and 2b succeed.
Actual Results:
2a success, 2b fails.
Version/Build:
WKWebView iOS > 11.3 (tested on 11.4)
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!