Users of our iOS app are receiving a Certificate Error when login to their OneDrive

Copper Contributor



On or around February 18th, users of our iOS App have started receiving a certificate error when attempting to sign in to their OneDrive accounts:


"The certificate for this server is invalid. You might be connecting to a server that is pretending to be “” which could put your confidential information at risk."

Obviously, the URL looks incorrect (too many "onedrive."'s in there...). The trouble is this URL is generated by "accountchooser.js" (Microsoft written) in code that looks like this:

e.skyApiBaseUrl = "https://skyapi.onedrive." + document.domain + "/API/2/";

We use the OneDriveSDK via a Cocoapod (nothing has changed here in years) and our App hasn't changed anything here in a similar time frame.

So something recent looks to have changed, either in the accountchooser.js code, or in how "document.domain" is calculated/determined on iOS. For reference, our users are seeing this on iOS 15.3.x and iOS 15.4, so latest stable production releases.

Is anyone seeing anything similar? Any help with where or how we should raise this issue would be helpful...


Who is the responsible team for accountchooser.js?


Attached a screenshot of a Proxyman capture on a clean iOS Simulator 


Offending Code



Related Threads and Issues Raised

2 Replies
I replied over on the Q&A thread but wanted to update here as well in case anyone sees one but not the other, we are currently investigating this on the OneDrive side and will update when we have a path forward.


do you plan to update this within the year?