Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

App Transport Security blocks HTTPS

Tags:

ios

app-transport-security

I've a problem with ATS. I'm using XCode 9.1, my Development Target is 11.0. I'm developing using react-native 0.49

My program is doing a fetch to a https (https://www.xxxx.com) resource which has a valid (google chrome) letsencrypt certificate. The fetch only works, when NSAllowsArbitraryLoads is set to true, when set to false the fetch is blocked (debug out)?

I'm doing some tests using a temporary domain (https://xxxx.no-ip.org). This domain also has a valid letsencrypt certificate. In this case everything works fine.

The only difference I can see between both hosts is that the test domain is a single domain host, the production host is a multi domain host. Anybody a suggestion?

Regards,

Harry

The debug out: CFNetwork Diagnostics [1:1187] 12:38:08.258 { Did Fail: (null) Loader: {url = https://.... Error: Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802}

This is my info.plist section

<key>NSAppTransportSecurity</key>
  <dict>
  <key>NSAllowsArbitraryLoads</key>
  <false/>
  <key>NSExceptionDomains</key>
  <dict>
  <key>xxxx.no-ip.org</key>
  <dict/>
  <key>localhost</key>
  <dict>
  <key>NSExceptionAllowsInsecureHTTPLoads</key>
  <true/>
  </dict>
  <key>xxxx.com</key>
  <dict>
  <key>NSIncludesSubdomains</key>
  <true/>
</dict>  </dict>  </dict>
like image 422
Harry Bauer Avatar asked Oct 18 '22 03:10

Harry Bauer

1 Answers

Using the NSExceptionAllowsInsecureHTTPLoads shouldn't do anything if you are trying to connect via HTTPS. Is it possible that your URL (https://www.xxxx.com) is redirecting traffic to http://www.xxxx.com?

There are other exceptions that will affect HTTPS traffic that will allow HTTPS connections that don't satisfy all the requirements for HTTPS (e.g. Forward Secrecy, TLS version, key strength). What you need to do is to figure out exactly why it is failing.

To test the URL for ATS compliance, use the nscurl --ats-diagnostics <url> command on your Mac. You can find out more about ATS in general, as well is how to use / interpret the results of the nscurl command above in this post.

Additionally, you could bump up the logging to get more details as to why it is failing by changing your CFNETWORK_DIAGNOSTICS level up. You can find out more about that here.

like image 54
wottle Avatar answered Oct 21 '22 02:10

wottle
Sign in to Comment

Related questions

What impact do the rounded edges of the iPhone X have on hybrid apps with bottom toolbars or tabs?
Xcode 9 GM undefined symbols for architecture arm64
Inference error with TensorFlow C++ on iOS: "Invalid argument: Session was not created with a graph before Run()!"
Flutter Unknown key for Boolean: EnableTransactions
How to set navigation bar to transparent in iOS 11
Avoid creation of multiple ViewController instances, iOS Swift
Renaming a UIDocument in iCloud
Cannot inspect iOS 11 devices with Safari
The spoiled simulator xcode 9. As a broken TV
How to draw a UILabel with a different blend mode in draw(_ rect: CGRect) in Swift
AWS SNS - Platform application is disabled
Covering window of UIAppDelegate with an overlay make user can't touch on extensions of UIActivityViewController when it's displayed
A C++ header file in a CocoaPod is unable to import from a framework
Check if an Auto-Renewable Subscription is still valid
Swift: difference as String? vs. as? String [duplicate]
Unable to reproduce WebKitLegacy -[_WebSafeForwarder forwardInvocation:] crash
UIStringDrawing methods don't seem to be thread safe in iOS 6
NSURLSessionConfiguration timeoutIntervalForRequest vs NSURLSession timeoutInterval
Add cocoapods to tests target too? [duplicate]
iOS 12 IAP Sandbox

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!