Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

App Transport Security failure under OSX 10.11 #90

Closed
pkedrosky opened this issue Oct 2, 2015 · 25 comments
Closed

App Transport Security failure under OSX 10.11 #90

pkedrosky opened this issue Oct 2, 2015 · 25 comments

Comments

@pkedrosky
Copy link

@pkedrosky pkedrosky commented Oct 2, 2015

Sadly, webkit2png now throws App Transport Security errors under El Capitan any time you request a non-https site. Specifically:

Fetching http://google.com/ ...
2015-10-02 16:22:21.037 Python[6363:5778368] App Transport Security has blocked a 
cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be 
configured via your app's Info.plist file.
 ... something went wrong: The resource could not be loaded because the App Transport 
Security policy requires the use of a secure connection.

Apple's solution (sic.) to this problem -- assuming you can't request an https version of the site -- is to modify your app's .plist to make exceptions for all non-https sites you want to request, or you can turn off ATS altogether in the .plist. (I see, from testing, that Python's urllib2 can request external non-https sites, but webkit2png cannot.)

[Update] Good discussion of some of the underlying Python/NSURL issues here: http://michaellynn.github.io/2015/07/31/customized-python-app-bundles/

@nhaglind
Copy link

@nhaglind nhaglind commented Oct 6, 2015

Yep, ran into this issue today. Some more details around it.
http://ste.vn/2015/06/10/configuring-app-transport-security-ios-9-osx-10-11/

@bendalton
Copy link

@bendalton bendalton commented Oct 14, 2015

I've submitted a PR for this. Just setting the relevant Info.plist values at runtime. Works great on El Capitan for me now.

Cheers!

@nhaglind
Copy link

@nhaglind nhaglind commented Oct 14, 2015

Awesome! Hopefully it gets merged with master so we can install via homebrew.

@patrickwelker
Copy link

@patrickwelker patrickwelker commented Nov 5, 2015

Maybe mentioning @paulhammond helps. Homebrewing this would be sweet.

@pbov
Copy link

@pbov pbov commented Nov 11, 2015

+1
Would be nice to fix it on brew

@Saeven
Copy link

@Saeven Saeven commented Dec 1, 2015

+1 Homebrew fix!

@bendalton
Copy link

@bendalton bendalton commented Dec 1, 2015

@paulhammond - let me know if you want me to modify this in any way :-)

On Tue, Dec 1, 2015 at 11:24 AM Alexandre Lemaire notifications@github.com
wrote:

+1 Homebrew fix!


Reply to this email directly or view it on GitHub
#90 (comment)
.

tdhopper added a commit to olneyhymn/westminster-daily that referenced this issue Dec 19, 2015
@Rasmis
Copy link

@Rasmis Rasmis commented Feb 4, 2016

@cova-it, @Saeven and anybody else who (like me) arrives here looking for a solution for the Homebrew 0.7-version:
Open /usr/local/Cellar/webkit2png/0.7/bin/webkit2png in a text editor and add these lines from line 422 (read more on #91) :

# Handles ATS HTTPS requirement introduced in El Cap
 if options.ignore_ssl_check:
     AppKit.NSBundle.mainBundle().infoDictionary()['NSAppTransportSecurity'] = dict(NSAllowsArbitraryLoads = True)
@orenyomtov
Copy link

@orenyomtov orenyomtov commented Feb 12, 2016

@Rasmis Thanks. Your snippet works for me

@denji
Copy link

@denji denji commented Apr 16, 2016

Stable version not fixed.

@GrimlocK38
Copy link

@GrimlocK38 GrimlocK38 commented May 29, 2016

Hi,

after have add this line a little problem.

File "/usr/local/bin/webkit2png", line 423
if options.ignore_ssl_check:
^
IndentationError: unexpected indent

Thanks for help

@orenyomtov
Copy link

@orenyomtov orenyomtov commented May 29, 2016

@GrimlocK38 double check you used 4 spaces to indent, and no tabs.

@GrimlocK38
Copy link

@GrimlocK38 GrimlocK38 commented May 29, 2016

Hi, @orenyomtov

same problem but with this errors now.

Traceback (most recent call last):
File "/usr/local/bin/webkit2png", line 469, in
main()
File "/usr/local/bin/webkit2png", line 431, in main
AppKit.NSApp().setDelegate_(delegate)
AttributeError: 'NoneType' object has no attribute 'setDelegate_'

@orenyomtov
Copy link

@orenyomtov orenyomtov commented May 29, 2016

This is my edited copy and it works

webkit2png.zip

@GrimlocK38
Copy link

@GrimlocK38 GrimlocK38 commented May 29, 2016

@orenyomtov,

Perfect :).

PS: for an capture used: --ignore-ssl-check

Work now

A big thanks

@scottjbarr
Copy link

@scottjbarr scottjbarr commented Jul 2, 2016

I have the same issue, but the version supplied by @orenyomtov works exactly as expected.

@lukewcn
Copy link

@lukewcn lukewcn commented Jul 11, 2016

seems that brew version has not fixed? It Really need to be fixed :>

@the-real-adammork
Copy link

@the-real-adammork the-real-adammork commented Jul 16, 2016

also here because of brew.

@metaColin
Copy link

@metaColin metaColin commented Oct 27, 2016

Also here from brew.

@o6uoq
Copy link

@o6uoq o6uoq commented Sep 4, 2018

+1

@helloalvin
Copy link

@helloalvin helloalvin commented Jun 25, 2019

I also meet this problem.
=======like this:
./webkit2png http://www.163.com
('Fetching', http://www.163.com, '...')
2019-06-25 21:19:42.823 Python[4312:186459] App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
... something went wrong2: The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.

@helloalvin
Copy link

@helloalvin helloalvin commented Jun 25, 2019

nothing to modify,run like this is ok.
./webkit2png http://www.hnust.cn --ignore-ssl-check

@Xploit3r
Copy link

@Xploit3r Xploit3r commented Jan 10, 2020

I used the "--ignore-ssl-check" option and it still gives me the same error message. Please check below:

webkit2png -F http://www.ox.ac.uk/ --ignore-ssl-check
Fetching http://www.ox.ac.uk/ ...
2020-01-10 10:36:56.372 Python[88776:9748137] App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
 ... something went wrong: The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.

Do I need to make changes to info.plist of webkit2png file?

Thanks.

@paulhammond
Copy link
Owner

@paulhammond paulhammond commented Mar 26, 2020

Hi all! Thank you to everyone for reporting this, and to Ben for proposing a fix. I'm sorry it took so long to get this fixed; my day job got really really busy and side projects like webkit2png got left behind.

I'm just working through the backlog of bugs and pull requests and then I'll get a new release out soon including this.

@ancestral
Copy link

@ancestral ancestral commented Sep 24, 2020

Big fan of webkit2png!

I totally get a lot is going on for people, but any chance of a fix soon?

Also, maybe it would be good to leave the issue open since it’s not resolved?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

You can’t perform that action at this time.