I have set App Transport Security for my iPad App with exception domains for few open api like weather online traffic etc., which we display it in a cordova webview. If I run it directly into iPad, it is working fine. But it is not loading correctly if I archive and distribute it.
Any idea ?
Actually, it looks like you are incorrectly adding exception domains. Don't include http:// in your exception domain entries.
Are you testing locally on an iOS 10 device (which would use the NSAllowsArbitraryLoadsInWebContentto ignore ATS in your web view altogether)? It would work on an iOS 10 device, but maybe the enterprise distribution fails on a device because the device is iOS9, which would try to use your exception domains, which are formatted incorrectly.
Another possible reason for a difference in behavior is that you have a different Info.plist specified for debug vs. release builds. Verify in your project settings that you are referencing the same Info.plist file for both build configs.
Related
I'm trying to set up Associated Domains in my unpublished app for iOS 14. I followed the documentation as good as possible. I'm testing locally with my local dev web server and the app itself in simulator and a real iPhone.
Not only are links not opening in my app, the app does not even attempt to request the file https://mycomputer.local/.well-known/apple-app-site-association from my local web server (I let the web server print a debug message whenever it is requested, but the message is only printed when I manually load it from a web browser).
This is a list of things I have done/checked:
Xcode 12.2:
Under Signing & Capabilities added Associated Domains
Added to Domains: applinks:mycomputer.local?mode=developer (I also tried IP address)
I disabled Automatically manage signing and instead created a Profile on https://developer.apple.com/account/resources/profiles/list (type Development, platform iOS, it has Associated Domains amongst other enabled capabilities and it's linked to my app bundle ID) and selected that profile for the debug build.
I made sure that the URL https://mycomputer.local/.well-known/apple-app-site-association is accessible from all devices involved, i.e. my computer, Safari in simulator, Safari on real iPhone (all are connected to the local network and successfully display my JSON file).
Screenshot:
As mentioned above, I can pretty much rule out that the problem lies with the JSON file itself as I can proof that the device is not even accessing it. Am I missing something or misunderstanding the concept?
My own answer: Using the query string ?mode=developer in the entitlement as described in the documentation simply appears not to work at all.
To verify this I have set up a real server that can be publicly reached on the internet and tried both variants:
applinks:example.com
applinks:example.com?mode=developer
Number 1 works, but the JSON is loaded via Apple's CDN and you cannot use it for local development or for quickly testing different versions of the JSON file as Apple will cache the file for probably one day.
Number 2 does not work at all, no request to the server will be made.
Also, good to know these requirements when testing on actual devices. (And using a domain thats not publicly available in testing period.)
Turn on Developer Mode on the device.
Turn on Associated Domains Development in the Developer settings. (Developer settings will first occur after you have turned on Developer Mode).
Build the app using developer certificate. (Enterprise will not work).
Add ?mode=developer to the domain in entitlements if you are testing with a domain thats not publicly available (Behind VPN..)
I added the apple-app-site-association: <domain>/.well-known/apple-app-site-association
I started with the "applinks" and when that didn't work I also added webcredentials and activitycontinuation.
I enabled Associated Domains for this app id and in the project I added applinks:<domain>, applinks:m.<domain> & applinks:*.<domain> in the associated domains which now appear in the entitlements file.
I checked the domain in the apple validation tool https://search.developer.apple.com/appsearch-validation-tool/ and that worked.
I tested it on multiple simulators and in each of them I could go to the website in safari and it showed me the banner above, I also sent a fake message in the Messages and that showed the details and opened the app.
I also tried changing Deployment Target to iOS 10.
But when I try to install it on the device from xCode, either in debug or release configuration or even upload the build to test flight, this doesn't work (Tried on iPhone 5s, iPhone 8 & iPhone XR).
I searched the internet and saw many people saying that universal links did not work for them until they did this and that and I tried every thing they said but I still can't make it work on real devices.
Is there something else I should do to make this work or did I get something wrong?
You have to wait a bit ( from minutes to hours ) after your app is successfully installed and launched to let iOS fetch the associated domain.
You can use a proxy like Charles to check if iOS has make the call.
Got the same issue and fixed by replacing App ID prefix instead of team ID in apple-app-site-association file
I use the cordova plugin "ionic-plugin-deeplinks" (to my knowledge also works with a plain cordova app).
On Android, links when clicked let users choice between chrome and my application.
=> I suppose that app links works
=> As I'm able to access window.IonicDeeplink and redirect the user to the right page
I'm not able to have the same behavior on iOS, when I click a link I always get the app open in Safari.
How can I find clue on issues ?
More context:
apple-app-site-association is got with a HTTP 200 (over https only), it's located in /.well-known/apple-app-site-association:
I checked TeamID and BundleID 5 times (at least);
with the branch.io validator i get all validations green:
Your domain is valid (valid DNS).
Your file is served over HTTPS.
Your server does not return error status codes greater than 400.
Your file's 'content-type' header was found :)
Your JSON is validated.
with the apple validator, I got : "Action required
Could not extract required information for Universal Links. Learn how to implement the recommended Universal Links.
Error no apps with domain entitlements
The entitlement data used to verify deep link dual authentication is from the current released version of your app. This data may take 48 hours to update." (but some devs said that working app add the same error) what to do with that result?
when monitoring server's log while installing the app with Xcode I see a request get a HTTP 200 on apple-app-site-association
while installing the app with Xcode I got no logs referring to swcd in Xcode (I read here that I should if I had error while installing the app). Is a successful installation silent?
I followed that guide to setup entitlements, but some things feel odd with it:
Unlike the snapshot in the guide, I didn't found any *.entitlements file in my project. Should I have one with cordova? (my xCode seems to remember my setting though). Is it possible to check that installed app get entitlements?
I did set my domain in Xcode like this: applinks:mydomain.com and the switch is ON. But I never uploaded any thing from my local dev environment to apple services. Should I have? If yes, how ?
My current interrogations are highlighted but any explanations on any lack of understanding will be more than welcome!!!
Until then I started a verification for testFlight looking for more info.
while installing the app with Xcode I got no logs referring to swcd in xCode
I implemented Universal Links manually, but situation was similar. Particularly I mentioned empty swcd process log while installing the app, and it turned out that most likely iOS didn't even try to download apple-app-site-association file, like if responsible process wasn't run. In my case device restart helped and deep-linking began to work.
Thus I think restarting device is one another step in troubleshooting when you are sure about all your setup.
For anyone trying to debug this in development:
In XCode, ensure you're editing the Debug version of Signing & Capabilities.
To bypass the Apple Universal Links CDN, configure your Debug domains like applinks:?mode=developer -- adding that query string in development is important.
On your iOS Device, go to Settings->Developer->Universal Links and ensure the Associated Domains Development toggle is switched on.
On your iOS Device in Settings->Developer->Universal Links->Diagnostics, enter your Universal Links URL and ensure you get a green checkmark.
After following all of these steps, Universal Links work locally.
How can I disable App Transport Security only when I run my app on the simulator (while still keeping it enabled when I run my app on my device, even in Debug mode)? Is there a way to disable it with Swift code instead of by modifying the Info.plist file?
I'm asking because I've configured things (via the code snippet below) so that the simulator connects (over HTTP) to a development server running on localhost and the device connects (over HTTPS) to the production server running in the cloud.
#if arch(x86_64) || arch(i386) // simulator
let apiBaseURLString = "http://localhost:3000"
#else // device
let apiBaseURLString = "https://api.example.com"
#endif
Ideally, I'd like keep App Transport Security enabled on the simulator and have the simulator connect over HTTPS to the development server running on localhost. I had that working, but I just updated Xcode, and it broke.
App Transport Security is configured at compile time by reading in the Info.plist. Changing it at runtime would actually have no effect on ATS enforcement, even if you could change the Info.plist at runtime (which you can't).
I can only think of two solutions:
Simulator build config -You could create two versions of the Info.plist, one of which disables ATS altogether, the other is used for running on devices. You can then create a specific build config for running on the simulator. In your Build settings, choose the new Info-Simulator.plist which disables ATS. The downside of this is that you would need to change your build config before running on the simulator - it would not automatically use the correct build config for simulator vs. devices.
Don't have different ATS settings for the simulator. Configure ATS to handle both the Simulator and physical devices. There are many options for ATS exceptions that should work for most scenarios. Need exceptions for local network connections? Look into NSAllowsLocalNetworking. Need more flexibility in a webview? Try NSAllowsArbitraryLoadsInWebContent.
Unfortunately, you can detect the simulator at runtime, but you can't change ATS behavior at runtime. You'll need to find another way, or re-evaluate if you really need a different config on simulators vs. devices.
I think this Code should work to access the .plist file, upon this code you can make changes what you need and put condition for that.
Bundle.main.object(forInfoDictionaryKey: key_name)
UPDATE
Here I'm Posting an Image please folow it:
Here you can get the value for:
NSAllowsArbitraryLoads = 1;
And through this you can put a condition according to your requirement.
Thanks
I´ve installed the new iOS 9 Beta and Xcode 7 to test meteor apps with the coming iOS Version. I figured out that there are some network related issues.
The Client (iPhone) can´t connect to the server to subscribe into the published collections. If I cast an eye on the logs it looks like its serving the files in the "public" folder. After serving the public folder it drops a console log "network". Its not really an error message its just say "network". My app was running on iOS 8 without issues.
I´ve also tested it with the leaderboard example. The leaderboard app is running but there are no collections served to display the player names.
anyone with the same issues? or ideas to fix it?
Open up your app in Xcode. You can access it at .meteor/local/cordova-build
Find your app's info.plist in the Xcode browser.
1) Create a new key, NSAppTransportSecurity
2) The value should be a dictionary containing another key NSAllowsArbitraryLoads that is set to true.
This should solve the issue. iOS 9 does not allow you to connect to sites without SSL. This makes it hard to develop without reverting the security setting with the policy above.
More info: https://github.com/meteor/meteor/issues/4560