| Summary: | [iOS] Attempting to load Wallet pass from api.americaspharmacy.com results in Safari showing a failure alert | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | andy <planetman1125> |
| Component: | Page Loading | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED INVALID | ||
| Severity: | Normal | CC: | a_protyasha, ap, beidson, karlcow, planetman1125 |
| Priority: | P2 | ||
| Version: | Other | ||
| Hardware: | iPhone / iPad | ||
| OS: | iOS 16 | ||
| URL: | https://api.americaspharmacy.com/wallet/samsclub-card-pass | ||
|
Description
andy
2023-08-05 06:10:04 PDT
This only fails on iOS When this website sees an iOS user agent, it attempts to provide a Wallet pass instead of an HTML document that it sends to other browsers. $ curl -i 'https://api.americaspharmacy.com/wallet/samsclub-card-pass' --header 'User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1' HTTP/1.1 200 OK Date: Wed, 09 Aug 2023 17:41:47 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubDomains X-Powered-By: Express Content-Type: application/vnd.apple.pkpass X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Content-Security-Policy: frame-ancestors 'self' *.medimpact.com; Transfer-Encoding: chunked Not yet certain if this is a bug in Safari or WebKit, or something wrong with the website. But this explains why the behavior is different between iOS and desktop. I can see that the Wallet pass being downloaded is signed with an expired certificate, and that's what is almost certainly causing the problem. The UI could be better, but any UI enhancement in this area would be in Safari, outside the WebKit open source project. |