React Native Webview 3D secure pages don't open on iOS devices - ios

I'm having a strange issue with RN Webview. I need to open the payment page with Webview on my app, and when I select the 3D secure payment option, all banks show me an error page. This only happens on iOS devices, everything works fine on all browsers and on Android devices.
I've found this solution on Stackoverflow but it didn't work for me. I tried the NSAllowsArbitraryLoads key, I also added the bank URL's as NSExceptionDomains, with NSExceptionRequiresForwardSecrecy key set to false.
One thing I noticed is that when I run the /usr/bin/nscurl --ats-diagnostics --verbose https:{bankUrl} command, I see the only Failing situation is when the NSExceptionMinimumTLSVersion value is TLSv1.3. When I check the payment page on browser, I see the used protocol is TLS 1.3, so I thought this could be the issue.
I tried to set NSExceptionMinimumTLSVersion to TLSv1.3, but then I get the an ssl error has occurred and a secure connection to the server cannot be made error. I'm out of ideas here, what should I do?

Related

didFailProvisionalLoadForFrame for certain URL but works fine in Safari

I've got an odd issue where a certain domain fails to load in a WKWebView. It gives an error:
WebPageProxy::didFailProvisionalLoadForFrame: frameID=3, domain=NSURLErrorDomain, code=-1200
Which I believe is complaining about a certificate issue? It works fine if I allow insecure content via info.plist, but of course I don't want to allow that.
The cert is fine for that domain. I'm unable to share the url unfortunately. It's a .gov domain. The cert is DigiCert and not-expired.
It works fine in Safari outside of the app, and even in Firefox and Chrome, which I thought used WKWebView but maybe not?
Has anyone ever experienced this issue? What additional steps can I do to pin down what exactly WKWebView is complaining about and what can be done to fix it?
We're actually using Xamarin, but we have test projects in both Xamarin and Xcode that replicate the issue.
Thanks!
I found the problem!
WKWebView (unlike Safari) requires that SSL certs support forward secrecy.
https://developer.apple.com/documentation/bundleresources/information_property_list/nsexceptionrequiresforwardsecrecy
You can check if a cert supports this here:
https://www.ssllabs.com/ssltest/analyze.html
It's possible to disable it in info.plist but we've opted to ask the site owner to change their certs.

HTML5 Video Does Not Play on iOS over HTTPS when deployed to Firebase Hosting

I am using the the HTML5 Video tag on a PWA created in angular 6 and for the life of me I can't get it to work. At first I thought it was an issue with encoding since it works on FF, Chrome (Desktop and Mobile), and Safari Desktop. I have checked the encoding and the use of the video tag. I believe that all is in order. I am able to play the video on iOS when serving it using HTTP from my local.
ng serve --host 0.0.0.0
It fails to play when trying to use HTTPS and a cert generated from openssl.
http-server dist/marcel-webapp/ -S
This leads me to believe that the issue is only with untrusted certificates. The problem that I having a very hard time finding the solution to is that I am hosting it on Firebase, and google handles the provisioning of the SSL certificates automatically. I checked my version of the trust store on my phone and the neither the root or intermediate certificates in use are listed.
Here is the link to the video my site
The question is... If really do have a certificate issue on firebase, what can be do about it?
Thanks in advance for any guidance on this.
Update and actual problem identified! I eliminated an untrusted certificate as the problem by deploying to AWS. The problem is actually related to the service worker created when adding PWA support to the project. The reason the video works over HTTP is that service workers are only enabled in HTTPS. I'm using Angular 6 to create the PWA, however it seems that other frameworks have the same problem. Turning off services workers in the Safari allows the video to display as expected
Settings > Safari > Advanced > Experimental Features > Service Workers
I found this post describes the problem in great detail. View Post Here

How debug Universal links

I use the cordova plugin "ionic-plugin-deeplinks" (to my knowledge also works with a plain cordova app).
On Android, links when clicked let users choice between chrome and my application.
=> I suppose that app links works
=> As I'm able to access window.IonicDeeplink and redirect the user to the right page
I'm not able to have the same behavior on iOS, when I click a link I always get the app open in Safari.
How can I find clue on issues ?
More context:
apple-app-site-association is got with a HTTP 200 (over https only), it's located in /.well-known/apple-app-site-association:
I checked TeamID and BundleID 5 times (at least);
with the branch.io validator i get all validations green:
Your domain is valid (valid DNS).
Your file is served over HTTPS.
Your server does not return error status codes greater than 400.
Your file's 'content-type' header was found :)
Your JSON is validated.
with the apple validator, I got : "Action required
Could not extract required information for Universal Links. Learn how to implement the recommended Universal Links.
Error no apps with domain entitlements
The entitlement data used to verify deep link dual authentication is from the current released version of your app. This data may take 48 hours to update." (but some devs said that working app add the same error) what to do with that result?
when monitoring server's log while installing the app with Xcode I see a request get a HTTP 200 on apple-app-site-association
while installing the app with Xcode I got no logs referring to swcd in Xcode (I read here that I should if I had error while installing the app). Is a successful installation silent?
I followed that guide to setup entitlements, but some things feel odd with it:
Unlike the snapshot in the guide, I didn't found any *.entitlements file in my project. Should I have one with cordova? (my xCode seems to remember my setting though). Is it possible to check that installed app get entitlements?
I did set my domain in Xcode like this: applinks:mydomain.com and the switch is ON. But I never uploaded any thing from my local dev environment to apple services. Should I have? If yes, how ?
My current interrogations are highlighted but any explanations on any lack of understanding will be more than welcome!!!
Until then I started a verification for testFlight looking for more info.
while installing the app with Xcode I got no logs referring to swcd in xCode
I implemented Universal Links manually, but situation was similar. Particularly I mentioned empty swcd process log while installing the app, and it turned out that most likely iOS didn't even try to download apple-app-site-association file, like if responsible process wasn't run. In my case device restart helped and deep-linking began to work.
Thus I think restarting device is one another step in troubleshooting when you are sure about all your setup.
For anyone trying to debug this in development:
In XCode, ensure you're editing the Debug version of Signing & Capabilities.
To bypass the Apple Universal Links CDN, configure your Debug domains like applinks:?mode=developer -- adding that query string in development is important.
On your iOS Device, go to Settings->Developer->Universal Links and ensure the Associated Domains Development toggle is switched on.
On your iOS Device in Settings->Developer->Universal Links->Diagnostics, enter your Universal Links URL and ensure you get a green checkmark.
After following all of these steps, Universal Links work locally.

WKWebView How to display links to http: pages

I have a WKWebView which will display users' webpages using links gathered online.
Sometimes these links are http: which are blocked by ATS.
I've tried simply changing the links to https:, which works sometimes.
However, very often I get an error "An SSL error has occurred and a secure connection to the server cannot be made".
Sometimes the page simply redirects to the http:, which gets blocked again.
Other times the https: page is simply "Not found".
Removing http: only results in "Unsupported URL" error.
Is there any way to get WKWebView to show these pages?
PLEASE DON"T suggest NSAllowsArbitraryLoads, or even per-domain exceptions (I do not know in advance what the domains will be).
The pages load perfectly on Safari, and even mobile safari, so it must be possible.
So, the short answer is NSAllowsArbitraryLoadsInWebContent, which will work great in iOS 10. However, if you try to run with that in your Info.plist on an iOS 9 device, it won't work.
If you want this to work on both iOS 9 and iOS 10, what Apple is recommending that you do is to put both NSAllowsArbitraryLoads AND NSAllowsArbitraryLoadsInWebContent in your Info.plist.
In iOS 9, since it doesn't recognize the NSAllowsArbitraryLoadsInWebContent entry, it will allow all http content in the app (including your WKWebview). This isn't ideal, but as long as you are ensuring your critical connections elsewhere are secure, having Apple enforce it really doesn't do much.
In iOS 10 (which most of your users should be running) iOS will ignore the NSAllowsArbitraryLoads if it also sees NSAllowsArbitraryLoadsInWebContent. This means the rest of your app network communications will need to follow ATS's security requirements, while the WKWebView and UIWebView does not. This isn't a great solution, but it is the one recommended by Apple engineers when you need to support both iOS 9 and 10.
Note that when Apple does start to require justifications for ATS exceptions, the NSAllowsArbitraryLoadsInWebContent entry is one of the ones that will trigger the need to justification. But, it is better than having NSAllowsArbitraryLoads by itself, and you can put that in your justification and it should be accepted by Apple.
As posted in this article, add a top level property NSAppTransportSecurity in info.plist, then if the iOS version is 10 and above, add a boolean entry for NSAllowsArbitraryLoadsInWebContent in this dictionary, otherwise NSAllowsArbitraryLoads, such that the plist entry looks like
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoadsInWebContent</key>
<true/>
</dict>

How to fix iOS error -9813 and -9802?

I have an issue to make an investigation using my iOS app (iOS 9.3.3). I need to connect to a site which uses self-signed certificate. That site redirects me to an address with http. I see several solutions, but neither of them is working.
First I try to disable the https check using NSAppTransportSecurity but I still get -9813. I add domain as exception using NSExceptionDomains but still continue to receive that error.
If your site runs on Http// then you have to add an App Transport Security Settings
Under that Allow Arbitrary Loads to YES.
If Your site runs on Https// then there no need to add any Key to your info.plist file.
Hope This will help you . If not let me know.

Resources