SSL Pinning for WebView?

[jaxley]

A common omission in certificate pinning implementations and discussions seems to be coverage for WebView requests. Are there plans to provide a sample WebViewClient implementation that invokes the pinning code to make secure requests so developers will know how to do this securely?

[travismorrow-okta]

Great Question - The only method I've seen is implementing shouldinterceptrequest and handling the connections through your pinning implementation and passing back data :-/

[jaxley]

I've seen that, however, shouldInterceptRequest is Synchronous and this would force all web requests to be synchronous in order to be able to supply the data in the return value of this method, as far as I can tell. Not sure what the performance implications of that would be for a typical webview - would there be blocking on the thread? Of course, there is also the caveat that this excludes all older Android OSes (before Honeycomb), although there's good reason to exclude those anyhow.

[CodinRonin]

Also, a way to handle post requests.