Communication between a http server and https server will be secured?

Question

I am trying to implement an HTTP server inside an iOS app. I could see similar apps in the app store. But in my case, embedded HTTP server has to communicate with external HTTPS Server. So now, is the communication secured? Or do I need to implement HTTPS server, instead?

Is it possible to implement an HTTPS server in iOS app? Will Apple reject this approach?

Thanks in Advance

Answer 1

I'm assuming that you use the internal HTTP server to provide interceped content for a WKWebView. I this case you web view connects to the HTTP server over HTTP and this connection is insecure. But generally this shouldn't be an issue because nobody can intercept the connection. You HTTP server connects to the internet over HTTPS, and this should be done because this connection could be compromised.

Don't be confused about the different protocols. If you call a HTTPS-URL NSURLSession will use HTTPS and use a secured connection. There is no pitfall or issue. You needn't to support HTTPS for the web view to server connection. This will give you not more notable security.

I use a similar setup in my application and it works perfectly.

BTW: In iOS 11 you may use WKURLSchemeHandler to intercept web view requests. This should be much easier than a local HTTP server. The disadvantage is, that you have to define a custom protocol (e.g. xhttp instead of http), and rewrite the URLs in the web content. But this should be much easier to achieve than a local HTTP server.