The bad news upfront: you can't do this in an app you're going to submit to the App Store because it involves using a private API. But I thought it was interesting nonetheless.
In short: iOS's webview, WKWebView, allows you create a "custom scheme" and route all requests for it through your native code. So, for example, you could create
resources:// and any request sent to a URL within that scheme would be answered by your app. The big problem is that WKWebView does not consider this scheme "secure", which means if you load an
https:// URL it can't send requests to
resources://, just like it can't send a request to
But you can change that. There's a private method on
_registerURLSchemeAsSecure and it does... well, more or less what the name would lead you to believe. So how to use it? Surprisingly simply:
let pool = WKProcessPool() let selector = NSSelectorFromString("_registerURLSchemeAsSecure:") pool.perform(selector, with: NSString(string: "resources"))
Then just make your
WKWebViewConfiguration has its
processPool property set.
resources:// is secure and you can send requests from
https:// URLs. So why doesn't Apple do this themselves internally? I suspect it has something to do with this being set at the WKProcessPool level: you add custom schemes per webview so it's possible for two webviews sharing the same process pool to have different custom schemes. Anyway, fingers crossed in a future release they'll be able to do the refactoring necessary to let us make custom schemes secure.