Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Disable same-origin policy on iOS WKWebView with private API.
// Allows disabling Same-Origin Policy on iOS WKWebView.
// Tested on iOS 12.4.
// Uses private API; obviously can't be used on app store.
@import WebKit;
@import ObjectiveC;
void WKPreferencesSetWebSecurityEnabled(id, bool);
@interface WDBFakeWebKitPointer: NSObject
@property (nonatomic) void* _apiObject;
@implementation WDBFakeWebKitPointer
void WDBSetWebSecurityEnabled(WKPreferences* prefs, bool enabled) {
Ivar ivar = class_getInstanceVariable([WKPreferences class], "_preferences");
void* realPreferences = (void*)(((uintptr_t)prefs) + ivar_getOffset(ivar));
WDBFakeWebKitPointer* fake = [WDBFakeWebKitPointer new];
fake._apiObject = realPreferences;
WKPreferencesSetWebSecurityEnabled(fake, enabled);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment