I have an app in which I want to force SSL pinning in an attempt to disable sniffers like Charles and Fiddler.
My intended way to do this is using my Heroku server which detects how many users are currently running the app I want to force SSL pinning. Therefore, anyone who is using a sniffing app is likely to return an error and I can force close the app.
I have checked my Heroku app and it has SSL configured as in the following picture. 
However, when using Postman with SSL certificate verification disabled to request the app the request goes through successfully. How can I change/fix this? Perhaps I need a new SSL certificate?
I note the Heroku app says Add a custom domain to your app, surely this isn't necessary?
I have tried editing the SSL in Heroku but there are not a lot of options.
question from:
https://stackoverflow.com/questions/65910760/enforce-ssl-pinning-on-heroku-server 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
