New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

App Transport Security support aka apps on iOS 9 don't work #4560

Closed
Tarang opened this Issue Jun 14, 2015 · 14 comments

Comments

Projects
None yet
@Tarang
Contributor

Tarang commented Jun 14, 2015

iOS 9 (may) force developers to use App Transport Security exclusively. I overheard this somewhere randomly so I don't know whether this is true myself. But I suspect it and have come to this conclusion:

The app running on iOS 9 will (maybe) no longer connect to a Meteor server without SSL.

This means running meteor run ios or meteor run ios-device will (probably?) no longer work.

In the app's info.plist, NSAppTransportSecurity [Dictionary] needs to have a key NSAllowsArbitraryLoads [Boolean] to be set to YES or Meteor needs to use https for its localhost server soon. (From Page 26 http://devstreaming.apple.com/videos/wwdc/2015/711y6zlz0ll/711/711_networking_with_nsurlsession.pdf?dl=1)

This is what an error may look like. Of course this is at best, a guess:

The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.

The best possible fix is to get Meteor to use a SSL server in dev mode.

Oh the hassle! Also again, I overheard this from a loud third party.

@Tarang Tarang changed the title from App Transport Security support to App Transport Security support aka iOS 9 Apps don't work Jun 14, 2015

@Tarang Tarang changed the title from App Transport Security support aka iOS 9 Apps don't work to App Transport Security support aka apps on iOS 9 don't work Jun 14, 2015

@Omeryl

This comment has been minimized.

Show comment
Hide comment
@Omeryl

Omeryl Jun 17, 2015

Haha, this just had me spinning in circles for the last hour. Great catch, thanks for the work around.

Omeryl commented Jun 17, 2015

Haha, this just had me spinning in circles for the last hour. Great catch, thanks for the work around.

@glasser

This comment has been minimized.

Show comment
Hide comment
@glasser

glasser Jun 23, 2015

Member

Thanks for the report. The MDG core team is focused on some other areas of the platform right now, so we may not get to a fix for this soon. We’d welcome community help on this and other Cordova bugs in the form of PRs or other supporting information.

Member

glasser commented Jun 23, 2015

Thanks for the report. The MDG core team is focused on some other areas of the platform right now, so we may not get to a fix for this soon. We’d welcome community help on this and other Cordova bugs in the form of PRs or other supporting information.

@krishaamer

This comment has been minimized.

Show comment
Hide comment
@krishaamer

krishaamer Jul 2, 2015

Had the same problem. Thank you.

krishaamer commented Jul 2, 2015

Had the same problem. Thank you.

@nanokanato

This comment has been minimized.

Show comment
Hide comment
@nanokanato

nanokanato Jul 6, 2015

I also this came communication fail. Thank you.

nanokanato commented Jul 6, 2015

I also this came communication fail. Thank you.

@rlech

This comment has been minimized.

Show comment
Hide comment
@rlech

rlech Jul 6, 2015

had the same issue. workaround fixed it for now. thx!

rlech commented Jul 6, 2015

had the same issue. workaround fixed it for now. thx!

@krazyeom

This comment has been minimized.

Show comment
Hide comment
@krazyeom

krazyeom Aug 9, 2015

Contributor

There was same issue on React Native. facebook/react-native#1563

They just added blew code to end of Info.plist

NSAppTransportSecurity


NSAllowsArbitraryLoads

Contributor

krazyeom commented Aug 9, 2015

There was same issue on React Native. facebook/react-native#1563

They just added blew code to end of Info.plist

NSAppTransportSecurity


NSAllowsArbitraryLoads

@rlech

This comment has been minimized.

Show comment
Hide comment
@rlech

rlech Aug 31, 2015

is there a way to do this with a deploy script? its super annoying to add this 2 entries in xcode every time after a meteor reset

rlech commented Aug 31, 2015

is there a way to do this with a deploy script? its super annoying to add this 2 entries in xcode every time after a meteor reset

@stubailo

This comment has been minimized.

Show comment
Hide comment
@stubailo

stubailo Sep 12, 2015

Contributor

The workaround is now published as part of 1.2-rc.14. Try it out!

Contributor

stubailo commented Sep 12, 2015

The workaround is now published as part of 1.2-rc.14. Try it out!

@stubailo stubailo closed this Sep 12, 2015

@girijeshkumar2007

This comment has been minimized.

Show comment
Hide comment
@girijeshkumar2007

girijeshkumar2007 Sep 21, 2015

From iOS 9 We can not hit API directly. Apple had added Transport Security feature that improves the security of connections between an app and web services. This feature consists of default connection that conform to best practices for secure connections.
Connections that do not follow the requirements will fail and give “The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.” error.

So, We have to add NSAppTransportSecurity dictionary in your .plist file and the NSAllowsArbitraryLoads key to YES under it to turn off transport security.

For more detail read Apple document https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/index.html

girijeshkumar2007 commented Sep 21, 2015

From iOS 9 We can not hit API directly. Apple had added Transport Security feature that improves the security of connections between an app and web services. This feature consists of default connection that conform to best practices for secure connections.
Connections that do not follow the requirements will fail and give “The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.” error.

So, We have to add NSAppTransportSecurity dictionary in your .plist file and the NSAllowsArbitraryLoads key to YES under it to turn off transport security.

For more detail read Apple document https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/index.html

@sebastianconcept

This comment has been minimized.

Show comment
Hide comment
@sebastianconcept

sebastianconcept Sep 21, 2015

Day saved! Thank you @Tarang !

sebastianconcept commented Sep 21, 2015

Day saved! Thank you @Tarang !

@stevoPerisic

This comment has been minimized.

Show comment
Hide comment
@stevoPerisic

stevoPerisic Sep 22, 2015

This is still an issue. I am having to update the info.plist before running the app on the device. Here is a stackoverflow http://stackoverflow.com/questions/30731785/how-do-i-load-an-http-url-with-app-transport-security-enabled-in-ios-9

stevoPerisic commented Sep 22, 2015

This is still an issue. I am having to update the info.plist before running the app on the device. Here is a stackoverflow http://stackoverflow.com/questions/30731785/how-do-i-load-an-http-url-with-app-transport-security-enabled-in-ios-9

@dairdr

This comment has been minimized.

Show comment
Hide comment
@dairdr

dairdr Sep 30, 2015

It works!

dairdr commented Sep 30, 2015

It works!

@tyagi15aug

This comment has been minimized.

Show comment
Hide comment
@tyagi15aug

tyagi15aug Oct 8, 2015

Thanks.. Your post helped me with my ionic and Node.js app.

tyagi15aug commented Oct 8, 2015

Thanks.. Your post helped me with my ionic and Node.js app.

@priyasaini

This comment has been minimized.

Show comment
Hide comment
@priyasaini

priyasaini Dec 27, 2017

What a relief. Thanks.. Saved my time.

priyasaini commented Dec 27, 2017

What a relief. Thanks.. Saved my time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment