New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

xcode 7.0beta could not connect to development server. #1563

Closed
samfriend opened this Issue Jun 9, 2015 · 26 comments

Comments

Projects
None yet
@samfriend

samfriend commented Jun 9, 2015

Today I downloaded IOS9 and xcode7.0beta which is needed for ios9

When I try to build my existing project to both simulator and iphone. It refused to load the index.ios.bundle with msg...

'Application Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.'

How to make this 'Temporary exceptions' in info.plist file?

thank you very much

@samfriend

This comment has been minimized.

Show comment
Hide comment
@samfriend

samfriend Jun 9, 2015

Adding the following to your Info.plist will disable ATS

< key>NSAppTransportSecurity< / key>
< dict>
< key>NSAllowsArbitraryLoads< / key>< true/>
< / dict>

samfriend commented Jun 9, 2015

Adding the following to your Info.plist will disable ATS

< key>NSAppTransportSecurity< / key>
< dict>
< key>NSAllowsArbitraryLoads< / key>< true/>
< / dict>

@samfriend samfriend closed this Jun 9, 2015

@JohnyDays

This comment has been minimized.

Show comment
Hide comment
@JohnyDays

JohnyDays Jun 9, 2015

Contributor

I think this issue shouldn't be closed, we should probably try to make this work out of the box. Or perhaps apple should allow localhost or local ips to be loaded regardless?

Contributor

JohnyDays commented Jun 9, 2015

I think this issue shouldn't be closed, we should probably try to make this work out of the box. Or perhaps apple should allow localhost or local ips to be loaded regardless?

@ide

This comment has been minimized.

Show comment
Hide comment
@ide

ide Jun 9, 2015

Collaborator

File a bug with Apple if you have a case for local IPs. They might already have a way to whitelist certain IPs in which case we could add localhost. I don't think weakening security for the entire app is a good default if we can avoid it.

Collaborator

ide commented Jun 9, 2015

File a bug with Apple if you have a case for local IPs. They might already have a way to whitelist certain IPs in which case we could add localhost. I don't think weakening security for the entire app is a good default if we can avoid it.

@JohnyDays

This comment has been minimized.

Show comment
Hide comment
@JohnyDays

JohnyDays Jun 9, 2015

Contributor

I'd imagine they implemented this to prevent naive implementations of OTA updates. But I do think it doesn't make sense for local IPs. I'm not an expert on IP addresses and other network-y things, but there's a few select ip ranges that are reserved for local networks right? Perhaps that could be automatically added to the whitelist(or atleast referenced somewhere in the docs)

Contributor

JohnyDays commented Jun 9, 2015

I'd imagine they implemented this to prevent naive implementations of OTA updates. But I do think it doesn't make sense for local IPs. I'm not an expert on IP addresses and other network-y things, but there's a few select ip ranges that are reserved for local networks right? Perhaps that could be automatically added to the whitelist(or atleast referenced somewhere in the docs)

@ide

This comment has been minimized.

Show comment
Hide comment
@ide

ide Jun 9, 2015

Collaborator

It has nothing to do with OTA updates. This is blocking HTTP and requiring HTTPS. An alternative solution would be for the packager to serve a self-signed certificate though I'm not sure what it would take to get the client to accept it.

Collaborator

ide commented Jun 9, 2015

It has nothing to do with OTA updates. This is blocking HTTP and requiring HTTPS. An alternative solution would be for the packager to serve a self-signed certificate though I'm not sure what it would take to get the client to accept it.

@danielkramer

This comment has been minimized.

Show comment
Hide comment
@danielkramer

danielkramer Jul 10, 2015

I've added the plist entry but it's not clearing up the error. I'm using the latest Xcode Beta released this week - Version 7.0 beta 3 (7A152u)

danielkramer commented Jul 10, 2015

I've added the plist entry but it's not clearing up the error. I'm using the latest Xcode Beta released this week - Version 7.0 beta 3 (7A152u)

@sergeyu

This comment has been minimized.

Show comment
Hide comment
@sergeyu

sergeyu Jul 10, 2015

Works for me for Version 7.0 beta 3 (7A152u)

sergeyu commented Jul 10, 2015

Works for me for Version 7.0 beta 3 (7A152u)

@ide

This comment has been minimized.

Show comment
Hide comment
@ide

ide Jul 14, 2015

Collaborator

This is fixed in master (create a new project to get the changes).

Collaborator

ide commented Jul 14, 2015

This is fixed in master (create a new project to get the changes).

@gunn

This comment has been minimized.

Show comment
Hide comment
@gunn

gunn Jul 14, 2015

gunn commented Jul 14, 2015

@ide

This comment has been minimized.

Show comment
Hide comment
@ide

ide Jul 14, 2015

Collaborator

You could look at the SampleApp's xcodeproj and manually port over the plist entry that's mentioned earlier in this thread.

Collaborator

ide commented Jul 14, 2015

You could look at the SampleApp's xcodeproj and manually port over the plist entry that's mentioned earlier in this thread.

@kbpontius

This comment has been minimized.

Show comment
Hide comment
@kbpontius

kbpontius Jul 15, 2015

The above .plist entry worked immediately for me (on an old project ported to Swift 2).

kbpontius commented Jul 15, 2015

The above .plist entry worked immediately for me (on an old project ported to Swift 2).

@DIJOiGloo

This comment has been minimized.

Show comment
Hide comment
@DIJOiGloo

DIJOiGloo Sep 30, 2015

I've added the plist entry but it's not clearing up the error. I'm using the latest Xcode Beta released this week - Version 7.1 beta (7B75) Any suggestion?

DIJOiGloo commented Sep 30, 2015

I've added the plist entry but it's not clearing up the error. I'm using the latest Xcode Beta released this week - Version 7.1 beta (7B75) Any suggestion?

@edo1493

This comment has been minimized.

Show comment
Hide comment
@edo1493

edo1493 Sep 30, 2015

Contributor

I am in the same situation, which is quite annoying since I have been working on this project for the last three months. However I am not sure if the simulator doesn't pick up the new updated info.plst or that is not working.

Contributor

edo1493 commented Sep 30, 2015

I am in the same situation, which is quite annoying since I have been working on this project for the last three months. However I am not sure if the simulator doesn't pick up the new updated info.plst or that is not working.

@edo1493

This comment has been minimized.

Show comment
Hide comment
@edo1493

edo1493 Sep 30, 2015

Contributor

I am sorted, I was trying to change the info from xcode, but opening the file clearly showed my xml was wrong.

Contributor

edo1493 commented Sep 30, 2015

I am sorted, I was trying to change the info from xcode, but opening the file clearly showed my xml was wrong.

@DIJOiGloo

This comment has been minimized.

Show comment
Hide comment
@DIJOiGloo

DIJOiGloo commented Sep 30, 2015

:)

@fatinWasta

This comment has been minimized.

Show comment
Hide comment
@fatinWasta

fatinWasta Oct 26, 2015

using xcode 7.1 beta 3. None of the solutions are working for me. Did any one solved for xcode 7.1 beta 3?

fatinWasta commented Oct 26, 2015

using xcode 7.1 beta 3. None of the solutions are working for me. Did any one solved for xcode 7.1 beta 3?

@yychun1217

This comment has been minimized.

Show comment
Hide comment
@yychun1217

yychun1217 Oct 27, 2015

tried, the above solutions not working for me either. Any suggestion?

yychun1217 commented Oct 27, 2015

tried, the above solutions not working for me either. Any suggestion?

@DIJOiGloo

This comment has been minimized.

Show comment
Hide comment
@DIJOiGloo

DIJOiGloo commented Oct 27, 2015

Yes I can

@DIJOiGloo

This comment has been minimized.

Show comment
Hide comment
@DIJOiGloo

DIJOiGloo Oct 27, 2015

Am using Xcode Version 7.1 beta (7B75)

DIJOiGloo commented Oct 27, 2015

Am using Xcode Version 7.1 beta (7B75)

allofthenorthwood added a commit to Khan/math-facts that referenced this issue Oct 29, 2015

Disable App Transport Security
Summary: See: facebook/react-native#1563

Test Plan: The app now loads

Reviewers: alpert

Reviewed By: alpert

Differential Revision: https://phabricator.khanacademy.org/D22827

jssolichin added a commit to jssolichin/ReactTo36 that referenced this issue Nov 5, 2015

@niftylettuce

This comment has been minimized.

Show comment
Hide comment
@niftylettuce

niftylettuce Dec 8, 2015

Contributor

What's the solution here? I read the app faces rejection possibility if this is in your plist.

Contributor

niftylettuce commented Dec 8, 2015

What's the solution here? I read the app faces rejection possibility if this is in your plist.

@niftylettuce

This comment has been minimized.

Show comment
Hide comment
Contributor

niftylettuce commented Dec 8, 2015

@niftylettuce

This comment has been minimized.

Show comment
Hide comment
@niftylettuce

niftylettuce Dec 8, 2015

Contributor

Looks like the proper fix is:

    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSExceptionDomains</key>
        <dict>
            <key>localhost</key>
            <dict>
                <key>NSTemporaryExceptionAllowsInsecureHTTPSLoads</key>
                <false/>            
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSTemporaryExceptionMinimumTLSVersion</key>
                <string>1.0</string>
                <key>NSTemporaryExceptionRequiresForwardSecrecy</key>
                <false/>
            </dict>
        </dict>
    </dict> 
Contributor

niftylettuce commented Dec 8, 2015

Looks like the proper fix is:

    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSExceptionDomains</key>
        <dict>
            <key>localhost</key>
            <dict>
                <key>NSTemporaryExceptionAllowsInsecureHTTPSLoads</key>
                <false/>            
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSTemporaryExceptionMinimumTLSVersion</key>
                <string>1.0</string>
                <key>NSTemporaryExceptionRequiresForwardSecrecy</key>
                <false/>
            </dict>
        </dict>
    </dict> 
@niftylettuce

This comment has been minimized.

Show comment
Hide comment
@niftylettuce

niftylettuce Dec 8, 2015

Contributor

According to https://forums.developer.apple.com/thread/22710 it ignores port number too, so that won't work either (affixing :12345) to your plist definition.

Contributor

niftylettuce commented Dec 8, 2015

According to https://forums.developer.apple.com/thread/22710 it ignores port number too, so that won't work either (affixing :12345) to your plist definition.

@niftylettuce

This comment has been minimized.

Show comment
Hide comment
@niftylettuce

niftylettuce Dec 8, 2015

Contributor

Aha, I fixed it, for anyone else having this issue, make sure you don't have more than one key for NSAppTransportSecurity.

Contributor

niftylettuce commented Dec 8, 2015

Aha, I fixed it, for anyone else having this issue, make sure you don't have more than one key for NSAppTransportSecurity.

@Nandulucky

This comment has been minimized.

Show comment
Hide comment
@Nandulucky

Nandulucky Jan 22, 2016

In Info.plist file, I fixed it in Xcode 7.2, App Transport Security Settings as Dictionary and Allow Arbitrary Loads as YES.
it's working absolutely.

Nandulucky commented Jan 22, 2016

In Info.plist file, I fixed it in Xcode 7.2, App Transport Security Settings as Dictionary and Allow Arbitrary Loads as YES.
it's working absolutely.

@bradleywhite2014

This comment has been minimized.

Show comment
Hide comment
@bradleywhite2014

bradleywhite2014 Feb 18, 2016

If you're using React Native, niftylettuce has the correct fix.

bradleywhite2014 commented Feb 18, 2016

If you're using React Native, niftylettuce has the correct fix.

@facebook facebook locked as resolved and limited conversation to collaborators Jun 9, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.