New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

App Transport Security failure under OSX 10.11 #90

Open
pkedrosky opened this Issue Oct 2, 2015 · 20 comments

Comments

Projects
None yet
@pkedrosky

pkedrosky commented Oct 2, 2015

Sadly, webkit2png now throws App Transport Security errors under El Capitan any time you request a non-https site. Specifically:

Fetching http://google.com/ ...
2015-10-02 16:22:21.037 Python[6363:5778368] App Transport Security has blocked a 
cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be 
configured via your app's Info.plist file.
 ... something went wrong: The resource could not be loaded because the App Transport 
Security policy requires the use of a secure connection.

Apple's solution (sic.) to this problem -- assuming you can't request an https version of the site -- is to modify your app's .plist to make exceptions for all non-https sites you want to request, or you can turn off ATS altogether in the .plist. (I see, from testing, that Python's urllib2 can request external non-https sites, but webkit2png cannot.)

[Update] Good discussion of some of the underlying Python/NSURL issues here: http://michaellynn.github.io/2015/07/31/customized-python-app-bundles/

@nhaglind

This comment has been minimized.

nhaglind commented Oct 6, 2015

Yep, ran into this issue today. Some more details around it.
http://ste.vn/2015/06/10/configuring-app-transport-security-ios-9-osx-10-11/

bendalton added a commit to bendalton/webkit2png that referenced this issue Oct 13, 2015

Allows for use of non-https domains under El Capitan
... when --ignore-ssl-check is enabled

Fixes paulhammond#90

@bendalton bendalton referenced a pull request that will close this issue Oct 13, 2015

Open

Allows for use of non-https domains under El Capitan #91

@bendalton

This comment has been minimized.

bendalton commented Oct 14, 2015

I've submitted a PR for this. Just setting the relevant Info.plist values at runtime. Works great on El Capitan for me now.

Cheers!

@nhaglind

This comment has been minimized.

nhaglind commented Oct 14, 2015

Awesome! Hopefully it gets merged with master so we can install via homebrew.

@patrickwelker

This comment has been minimized.

patrickwelker commented Nov 5, 2015

Maybe mentioning @paulhammond helps. Homebrewing this would be sweet.

@pbov

This comment has been minimized.

pbov commented Nov 11, 2015

+1
Would be nice to fix it on brew

@Saeven

This comment has been minimized.

Saeven commented Dec 1, 2015

+1 Homebrew fix!

@bendalton

This comment has been minimized.

bendalton commented Dec 1, 2015

@paulhammond - let me know if you want me to modify this in any way :-)

On Tue, Dec 1, 2015 at 11:24 AM Alexandre Lemaire notifications@github.com
wrote:

+1 Homebrew fix!


Reply to this email directly or view it on GitHub
#90 (comment)
.

tdhopper added a commit to olneyhymn/westminster-daily that referenced this issue Dec 19, 2015

@Rasmis

This comment has been minimized.

Rasmis commented Feb 4, 2016

@cova-it, @Saeven and anybody else who (like me) arrives here looking for a solution for the Homebrew 0.7-version:
Open /usr/local/Cellar/webkit2png/0.7/bin/webkit2png in a text editor and add these lines from line 422 (read more on #91) :

# Handles ATS HTTPS requirement introduced in El Cap
 if options.ignore_ssl_check:
     AppKit.NSBundle.mainBundle().infoDictionary()['NSAppTransportSecurity'] = dict(NSAllowsArbitraryLoads = True)
@orenyomtov

This comment has been minimized.

orenyomtov commented Feb 12, 2016

@Rasmis Thanks. Your snippet works for me

@denji

This comment has been minimized.

denji commented Apr 16, 2016

Stable version not fixed.

@GrimlocK38

This comment has been minimized.

GrimlocK38 commented May 29, 2016

Hi,

after have add this line a little problem.

File "/usr/local/bin/webkit2png", line 423
if options.ignore_ssl_check:
^
IndentationError: unexpected indent

Thanks for help

@orenyomtov

This comment has been minimized.

orenyomtov commented May 29, 2016

@GrimlocK38 double check you used 4 spaces to indent, and no tabs.

@GrimlocK38

This comment has been minimized.

GrimlocK38 commented May 29, 2016

Hi, @orenyomtov

same problem but with this errors now.

Traceback (most recent call last):
File "/usr/local/bin/webkit2png", line 469, in
main()
File "/usr/local/bin/webkit2png", line 431, in main
AppKit.NSApp().setDelegate_(delegate)
AttributeError: 'NoneType' object has no attribute 'setDelegate_'

@orenyomtov

This comment has been minimized.

orenyomtov commented May 29, 2016

This is my edited copy and it works

webkit2png.zip

@GrimlocK38

This comment has been minimized.

GrimlocK38 commented May 29, 2016

@orenyomtov,

Perfect :).

PS: for an capture used: --ignore-ssl-check

Work now

A big thanks

@scottjbarr

This comment has been minimized.

scottjbarr commented Jul 2, 2016

I have the same issue, but the version supplied by @orenyomtov works exactly as expected.

@lukewcn

This comment has been minimized.

lukewcn commented Jul 11, 2016

seems that brew version has not fixed? It Really need to be fixed :>

@the-real-adammork

This comment has been minimized.

the-real-adammork commented Jul 16, 2016

also here because of brew.

@metaColin

This comment has been minimized.

metaColin commented Oct 27, 2016

Also here from brew.

@o6uoq

This comment has been minimized.

o6uoq commented Sep 4, 2018

+1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment