iOS App Transport Security not Loading any Resources (HTTP)

[AlecKriebel]

Hi All,

I'm having an issue when attempting to load resources from within my Parse-Server backend iOS App.

App Transport Security is a feature on iOS apps that disallows connections if they are not https, and in my case, any resource (images, etc) URLs are loaded using http and so the connection is not allowed.

Note that I do not have this issue when loading normal data (user data, PFObjects, etc.).

My server URL client side and my SERVER_URL config parameter in Heroku are both https. I am using Heroku+MongoDB to host this Parse server.

Here are NSLogs from my iOS device simulation when trying to load a resource:

Error Domain=Parse Code=100 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." 
UserInfo={code=100, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection., originalError=Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." 
UserInfo={NSUnderlyingError=0x7f976fe2c800 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://<URL>.herokuapp.com/parse/files/sUnFtZuPieaQaONJIkUEEECtNDZiuCjQzUH4K9FY/de36470e632cc17c67eeb646e3d41f64_profilepicture.png, NSErrorFailingURLKey=http://<URL>.herokuapp.com/parse/files/sUnFtZuPieaQaONJIkUEEECtNDZiuCjQzUH4K9FY/de36470e632cc17c67eeb646e3d41f64_profilepicture.png, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}, temporary=1, error=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.

How can I fix this issue?

[mpaulsonco]

Hi @AlecKriebel, I've found this guide to be helpful when working with ATS on iOS.

As long as your resources are coming from the same domain, you'll probably want to follow Example B. If you're resources are coming from arbitrary domains, you'll most likely need to go with Example E.

[AlecKriebel]

@mpaulsonco Thanks for the guide.

Example B is certainly a work-around, and if I can't solve this issue, that is certainly what I will implement, but I can't imagine that loading resources from MongoDB using https is impossible.

[nlutsenko]

This is slightly disconnected from MongoDB, since clients actually won't ever talk to it.
I recommend getting a SSL certificate and plugging this in front of your server.
You can even get a free one from https://letsencrypt.org

Both the workaround and plugging SSL Cert and moving your app to https will work.
Going to close this one out, feel free to reopen if this still doesn't work for you.

[Charlesleonius]

Heroku automatically makes all the other endpoints https secure so how can I get it to do the same for the files endpoint?

[jayliew]

@Charlesleonius did you figure out the answer to your question? Same issue for me here

[Charlesleonius]

@jayliew I ended up using a client side workaround. This is essentially the code I used to get around it, maybe you can modify it for your needs:

let file = PFFile() //Placeholder 
var url = file.url!
if (!url.contains("https")) {
       url = url.insert(string: "s", ind: 4)
}
let URL = NSURL(string: url)!

[jayliew]

@Charlesleonius thanks!

[flovilmart]

Try with setting publicServerURL, setting HTTPS. That should work

[jayliew]

Can confirm this solved it for me when my images were not loading on a simulator from Parse on Heroku.

Add this to Parse Server's index.js file where you create the server:

publicServerURL: process.env.PARSE_PUBLIC_SERVER_URL || 'https://hostname.herokuapp.com/parse',

[mohanadhilles]

use it

info.plist
NSAppTransportSecurity

NSExceptionDomains

domain.com

NSExceptionAllowsInsecureHTTPLoads

NSIncludesSubdomains

[flovilmart]

You should run on HTTPS.