It seems like a WKWebView doesn't handle 421 responses automatically.
What basically happened is the following:
- The client requests a page at foo.example.com
- During TLS negotiation, the server presents a certificate which is valid for both foo.example.com and bar.example.com (and the client accepts it). This could be done with a wildcard certificate or a SAN certificate.
- The client reuses the connection to make a request for bar.example.com.
- The server is unable or unwilling to support cross-domain connection reuse and serves HTTP 421.
- The client does not automatically retry with a new connection.
According to RFC 7540, section 9.1.2, we MAY retry the request manually with a new TCP connection.
Safari on iOS and all web browsers handled this correctly by retrying the request.
Isn't the webview also supposed to handle this automatically? @eskimo
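
The sequence described in the post above, as an added example that is not part of the original post and is not WebKit or URLSession code: a small Python model of a client that coalesces connections by certificate name and handles 421 by retrying once on a new connection. The `Conn`, `Client` and `server` names are hypothetical, the server is constructed to refuse cross-domain reuse, and the model assumes both hostnames resolve to the same address.

```python
"""Model of HTTP/2 connection coalescing and 421 handling (constructed example)."""
from dataclasses import dataclass, field


@dataclass
class Conn:
    sni: str                                    # host the TLS connection was opened for
    cert_sans: list                             # names in the certificate presented
    no_reuse: set = field(default_factory=set)  # hosts that answered 421 on this connection

    def covers(self, host):
        # Simplified SAN matching: exact name or a single-label wildcard.
        parent = host.partition(".")[2]
        return any(s == host or (s.startswith("*.") and s[2:] == parent)
                   for s in self.cert_sans)


def server(conn, host):
    """Constructed server: rejects requests for any host other than the SNI host."""
    return 200 if host == conn.sni else 421


class Client:
    def __init__(self, sans):
        self.sans, self.pool, self.log = sans, [], []

    def _open(self, host):
        conn = Conn(host, self.sans)
        self.pool.append(conn)
        self.log.append(f"open {host}")
        return conn

    def _pick(self, host):
        # Reuse any pooled connection whose certificate covers the host,
        # unless that connection already returned 421 for it.
        for conn in self.pool:
            if conn.covers(host) and host not in conn.no_reuse:
                return conn
        return self._open(host)

    def get(self, host, retry_on_421=True):
        conn = self._pick(host)
        status = server(conn, host)
        if status == 421 and retry_on_421:
            conn.no_reuse.add(host)                  # stop coalescing this host here
            status = server(self._open(host), host)  # retry once on a new connection
        return status
```

With `retry_on_421=False` the model reproduces the behaviour reported for the web view: the 421 is returned to the caller and no second connection is opened.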