2
votes

Since iOS 11, you could use WKURLSchemeHandler with WKWebView:

A protocol for loading resources with URL schemes that WebKit doesn't know how to handle.

If you used a custom-scheme - let's say foobarhttps - WKWebView does NOT appear to treat it as Secure.

When a server response is received with a Set Cookie instruction, that Cookie is never attached to requests sent via foobarhttps if the Cookie had the property isSecure:TRUE.

Is there a WkWebView property I am missing that would allow requests via foobarhttps to include these Cookies?

<NSHTTPCookie
    version:1
    name:FOOBARCOOKIE
    value:ALICEANDBOB
    expiresDate:'(null)'
    created:'2019-11-13 17:10:08 +0000'
    sessionOnly:TRUE
    domain:.server.com
    partition:none
    path:/
    isSecure:TRUE
 path:"/" isSecure:TRUE>

Update (closed) I had misunderstood the implications of setting a Cookie's property for a subdomain versus the domain. All worked with WKURLSchemeHandler.

Anyway, I found my answer here.