@Xseuguh Xseuguh commented Apr 16, 2025

What is the problem

On iOS, each request is cached in plain text within the app’s file system. A malicious user with root access could access this cache and extract sensitive data, such as credentials from a login endpoint.
More details on this article

Proposal

Deactivate the URLCache and clear the existing cache.
=> Will it break things? In a React Native app, caching is mainly done on the JS side; this native cache does not seem to be used.

How to reproduce

  • Launch your app
  • Open the files associated with this app (for example using `open $(xcrun simctl get_app_container booted <your.bundle.id> data)`)
  • Go to `Library/Caches/<your.bundle.id>`
  • Open the `Cache.db`

Before / After: video attachments before.mp4 and after.mp4

TODO

Blocking the merge:

  • add a flag to enable/disable the functionality (disable by default)
  • complete README with an Experimental tag

To go further:

  • investigate more deeply the full impact of fully disabling the cache (webview, assets, ...)
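
The reproduction steps above can be turned into a repeatable check that the cache stays empty once the fix is enabled. This is an added example, not code from this pull request or the project; the table and column names are the NSURLCache on-disk schema as assumed here, and the keyword list and sample URLs are hypothetical.

```python
import re
import sqlite3

# Assumed Cache.db schema (not from the PR): request URLs live in
# cfurl_cache_response.request_key, bodies in cfurl_cache_receiver_data.receiver_data.
QUERY = """
SELECT r.request_key, d.isDataOnFS, d.receiver_data
FROM cfurl_cache_response AS r
LEFT JOIN cfurl_cache_receiver_data AS d ON d.entry_ID = r.entry_ID
ORDER BY r.entry_ID
"""
# Hypothetical markers for sensitive content; tune them to your own API.
SENSITIVE = re.compile(rb"password|token|secret|authorization", re.I)

def audit_cache(conn):
    """Return one finding per cached response; an empty list means nothing was cached."""
    findings = []
    for url, on_fs, body in conn.execute(QUERY):
        url = url or ""
        if isinstance(body, str):
            body = body.encode()
        body = body or b""
        findings.append({
            "url": url,
            "bytes": len(body),
            "body_on_fs": bool(on_fs),  # assumed meaning: body kept in a separate file
            "sensitive": bool(SENSITIVE.search(body) or SENSITIVE.search(url.encode())),
        })
    return findings

def build_sample_db(entries):
    """Constructed stand-in for Cache.db holding only the columns audit_cache reads."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE cfurl_cache_response (entry_ID INTEGER PRIMARY KEY, request_key TEXT);
        CREATE TABLE cfurl_cache_receiver_data
            (entry_ID INTEGER PRIMARY KEY, isDataOnFS INTEGER, receiver_data BLOB);
    """)
    for i, (url, body) in enumerate(entries, 1):
        conn.execute("INSERT INTO cfurl_cache_response VALUES (?, ?)", (i, url))
        conn.execute("INSERT INTO cfurl_cache_receiver_data VALUES (?, 0, ?)", (i, body))
    return conn

if __name__ == "__main__":
    import sys
    # Usage: python audit_cache.py <container>/Library/Caches/<your.bundle.id>/Cache.db
    hits = audit_cache(sqlite3.connect(f"file:{sys.argv[1]}?mode=ro", uri=True))
    for hit in hits:
        print(hit)
    sys.exit(1 if hits else 0)  # non-zero exit lets a CI job fail on any cached response
```

Run it against the simulator container before and after enabling the feature; with the cache disabled and cleared it should report no entries.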

@Xseuguh Xseuguh force-pushed the feat/deactivate-ios-url-cache branch from ab7ffe8 to 3d8ca00 Compare April 18, 2025 10:12
@Almouro Almouro merged commit ae0edc5 into main Jul 17, 2025
@Almouro Almouro deleted the feat/deactivate-ios-url-cache branch July 17, 2025 15:32
@github-actions

🚀 This pull request is included in v0.6.0. See v0.6.0 for release notes.
