Unable to load plugin list

[bosel]

After reinstalling qs following an upgrade to the latest osx release I am unable to load the plugin list (or check for updates for that matter).

log snippet:

Quicksilver[586]: Fetching plugin data from http://cdn.qsapp.com/plugins/info.php?qsversion=16403
Quicksilver[586]: App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file

• qs 1.3.1 (4013)
• osx 10.11

[Giomanach13]

I have the same problem: after reinstalling QS is unable to load the list of plugins or check for updates.

qs 1.3.1 (4013)
osx 10.11

[skurfer]

This is because of Apple’s new App Transport Security. A good thing for the most part, but we have to rethink some things. We can fix it in the next release, but you probably won’t be notified about it if the app can’t check for updates. We’ll announce it in the users’ group or you can follow along here.

[juhucoding]

for the sake of completeness, a log from console:

10.10.15 09:42:19,752 Quicksilver[7609]: Download failed! Error - http://cdn.qsapp.com/plugins/download.php?qsversion=16403&id=com.blacktree.Quicksilver.QSWebSearchPlugIn&version=590 The resource could not be loaded because the App Transport Security policy requires the use of a secure connection. http://cdn.qsapp.com/plugins/download.php?qsversion=16403&id=com.blacktree.Quicksilver.QSWebSearchPlugIn&version=590

[sobutay]

You can change the App Transport Security settings in the Info.plist to allow unsecure access for the related FQDNs as a temporary fix. More details below.

http://www.neglectedpotential.com/2015/06/working-with-apples-application-transport-security/

[fspreiss]

Same here. I just downloaded Quicksilver for the first time, but can't start using it (on OS X 10.11) because the app is unable to load the plugin list. Is there a known workaround?

[sobutay]

I've just written it above @fspreiss

[juhucoding]

to make it more clear (according to the answer from KrzysiekF at http://forum.ionicframework.com/t/nsurlsession-nsurlconnection-http-load-failed/32898/3)

the TAS can be switched off by adding

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

to

/Applications/Quicksilver.app/Contents/Info.plist

in the line after

<plist version="1.0">

[gruenheit]

Sorry, this does not work for me; after adding those lines in /Applications/Quicksilver.app/Contents/Info.plist QS refused to start. After reverting to its former state QS started again.

[charliewilkins]

@gruenheit Move the key and dict block into the dict element. Top of the file should look like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
  </dict>

[gruenheit]

works fine, thanks!

[jspiro]

Might it not be most wise to unrelease the current version until fixed? It's going to cripple a lot of people and create a support load. Even when fixed they won't realize it. 1.3.1 isn't a critical release.

[pjrobertson]

The problem isn't with 1.3.1, but with El Capitan.

On 13 October 2015 at 14:11, Jono Spiro notifications@github.com wrote:

Might it not be most wise to unrelease the current version until fixed?
It's going to cripple a lot of people and create a support load. 1.3.1
isn't a critical release.

—
Reply to this email directly or view it on GitHub
#2114 (comment)
.

[jspiro]

I get that -- but Apple is getting a lot better about quick adoption rates, and this is a subtle bug. I'm not sure there's a strong argument for keeping a minor point release if it makes getting future updates impossible.

That said, the damage may already be done depending on the default setting for how frequently to check updates ;-)

[Fedster]

The question is, is the issue fixed and a new release available?

[pjrobertson]

This should now be fixed. From reading online resources it seems the app will try and connect to the https:// URL even if it's configured to use the http:// URL. In which case, if you refresh your DNS cache and try to load plugins etc. from Quicksilver it should now work.

Curiously, you’ll notice that the connection attempts to change the http protocol to https to protect against mistakes in your code where you may have accidentally misconfigured the URL. In some cases, this might actually work, but it’s also confusing.

[skurfer]

I wasn’t able to use the plug-in system with 1.3.1, so I’m not sure if it was attempting HTTPS. Anyway, 1.3.2 is now available. You’ll need to download and install it manually, as 1.3.1 us unable to connect and realize there’s an update.

http://qsapp.com/download.php