bamlab / react-native-app-security

Easily implement usual security measures in React Native Expo apps. Made by BAM ❤️💙💛

Pinning of subdomains not working on iOS #9

Closed leabaertschi closed 5 months ago

leabaertschi commented 5 months ago

Hi, me again :). I have the following pins in the app config:

```javascript
'*.domain.com': [
    'TbowFsbeuRDpkGtjvPicSfV1Yygjcc/LD7N37kUxw+I=',
    '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
],
```

This works fine on Android. But on iOS, despite the hashes being wrong (for testing if it works), all requests go through and I get the following logs:

```
[App] === TrustKit: Checking includeSubdomains configuration for *.domain.com
[App] === TrustKit: Domain sub.domain.com is not pinned
```

What am I missing? Is there a config to include subdomains?

matthieugicquel commented 5 months ago

Hi,

Pinning of subdomains is done by default, so you should just specify `'domain.com'` and subdomains should be pinned. The package configures TrustKit with `kTSKIncludeSubdomains` set to `true`.

Thanks for the feedback, I'll look into updating the README or throwing an error for "unrecognized domains" at prebuild time.

leabaertschi commented 5 months ago

Hi,

If I remove `*.` from the hostnames it stops working on Android though, that's why I added it in the first place. I tested in an emulator running Android 14.0.

matthieugicquel commented 5 months ago

Ok, in this case you should consider pinning all subdomains as not supported for now 😬

I'll implement it next week, probably with this API for both platforms:

leabaertschi commented 5 months ago

Thanks a lot for taking care of this!

matthieugicquel commented 5 months ago

This has been released in 0.5.0.

You should now be able to use a wildcard to pin a domain and all its subdomains on both iOS and Android.

leabaertschi commented 5 months ago

Thanks, it works great now!