Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HTTP caches have different beheviour on android and iOS #441

Closed
Kohagan91 opened this issue Nov 5, 2021 · 1 comment
Closed

HTTP caches have different beheviour on android and iOS #441

Kohagan91 opened this issue Nov 5, 2021 · 1 comment
Labels

Comments

@Kohagan91
Copy link

Hi !

I opened this issue to discuss about the data cached on device when you use android and iOS devices.

When you use this plugin on an android device, it seems no data are cached on the device. But when looking on iOS, it seems that all requests/responses are stored on the hard drive of the device in a cache.db file.

This can be a security risk. On a jailbreak device, other apps can freely access this cache.db file and potentially get sensitive information from him.

After looking at the iOS source code, I found that is due to the session configuration which is created from the defaultSessionConfiguration.

configuration = [NSURLSessionConfiguration defaultSessionConfiguration];

For my own use case, I just added a line after this one to completely disable cache, but I'm pretty sure that can be good to have an option to disable cache for users that want it.

configuration.URLCache = nil;

Sorry for my bad english,
Regards

@silkimen
Copy link
Owner

Hi @Kohagan91, thank you for finding and reporting this! Yes, I agree that this can be a security risk. Therefore we should disable it and if someone needs the caching option, we can open a new feature request for this purpose. Would you mind creating a PR for this?

@silkimen silkimen added bug and removed question labels Dec 25, 2021
silkimen added a commit that referenced this issue Mar 30, 2022
ath0mas pushed a commit to ns0m/cordova-plugin-advanced-http that referenced this issue Feb 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants