Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can I figure out which URL is being blocked by App Transport Security?

I'm upgrading an iOS app to iOS 9, and I have some URLs that are not secure, and I need a few exceptions to App Transport Security. I've added the two that I know about, but there are some warnings happening now stating:

App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.

I need to know what URLs are being blocked so I can add them to the Info.plist, they're probably images or media files. How can I make the system log the URLs it decided not to load?

like image 644
Micah Hainline Avatar asked Jul 02 '15 19:07

Micah Hainline


People also ask

What is App transport security in iOS Swift?

file that specifies the domains with which it needs secure communication. ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt. You should adopt ATS as soon as possible, regardless of whether you're creating a new app or updating an existing one.

What is Application Transport Security?

App Transport Security (ATS) is a privacy feature introduced in iOS 9. It's enabled by default for new apps and enforces secure connections.


2 Answers

Editor Note: @jessedc points out in the comments below the link to the official Apple documentation on how to do this: https://developer.apple.com/library/content/qa/qa1887/_index.html

Okay, I have an answer I don't like! I still very much want a better one.

In my application:didFinishLaunchingWithOptions: method I added the line

setenv("CFNETWORK_DIAGNOSTICS", "3", 1); 

When I ran the app then, in the log I can find an entry that looks like this:

2015-07-02 15:27:56.152 MyApp[45041:9125662] CFNetwork diagnostics log file created at: /Users/micah.hainline/Library/Developer/CoreSimulator/Devices/ 11BCA581-5F5F-494D-932A-2ECFCA33EA93/data/Containers/Data/Application/ 9ACC6941-8039-4B86-B5E8-A6C66E2AD520/Library/Logs/CrashReporter/CFNetwork_com .myapp.MyApp_45041.nwlrb.log 

When I open that file I have a huge number of log entries about everything that's happened on the network. I search for kCFErrorDomainCFNetwork in that file and get logs for failed network requests. I can use that to see what URLs the system was trying to hit, and then can add that URL to the exceptions for App Transport Security.

like image 163
Micah Hainline Avatar answered Sep 23 '22 05:09

Micah Hainline


Accepted answer is correct but If you're doing this on Xamarin iOS, you will need to use;

Environment.SetEnvironmentVariable("CFNETWORK_DIAGNOSTICS", "3", EnvironmentVariableTarget.Process); 

Also, if you're looking for the log file use something like Simulator manager to find the correct location easier (https://github.com/tue-savvy/SimulatorManager).

like image 30
PaulB Avatar answered Sep 21 '22 05:09

PaulB