CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
  • Join Community
Start Here
  • What is CodeAnt?
Setup
  • Github
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Scan center
  • Code Security
  • Code Quality
  • Cloud Security
  • Engineering Productivity
Integrations
  • Jira
  • Test Coverage
  • CI/CD
IDE
  • Setup
  • Review
  • Enhancements
Rule Reference
  • Compliance
  • Anti-Patterns
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
    • Apex
    • Bash
    • C
    • Clojure
    • Cpp
    • Csharp
    • Dockerfile
    • Elixir
    • Fingerprints
    • Generic
    • Go
    • Html
    • Java
    • Javascript
    • Json
    • Kotlin
    • Ocaml
    • Php
    • Problem-based-packs
    • Python
    • Ruby
    • Rust
    • Scala
    • Solidity
    • Swift
      • Biometrics-and-auth
      • Commoncrypto
      • Cryptoswift
      • Insecure-communication
      • Lang
      • Pathtraversal
      • Sql
      • Sqllite
      • Webview
      • Webview
        • Webview-allow-js
        • Webview-baseurl
        • Webview-evaluatejavascript-xss
        • Webview-fileaccess
        • Webview-fraudulent
        • Webview-https
          • Swift webview config https upgrade
        • Webview-loadhtmlstring-xss
        • Webview-permission-readaccess
        • Webview-universal-fileaccess
    • Terraform
    • Typescript
    • Yaml
Resources
  • Open Source
  • Blogs
Webview-https

Swift webview config https upgrade

swift-webview-config-https-upgrade

Webviews were observed that do not enable the upgradeKnownHostsToHTTPS feature. This feature will ensure accidental HTTP connections are automatically upgraded to HTTPS, avoiding potential data leakage over the network.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-272: Least Privilege Violation
Swift webview config fraudulent site warningSwift webview xss
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.