I understand this question has been asked in a similar vein a couple of times, but this error is only occurring on a 3G/4G connection, and not on a wifi connection.
I've also added the appropriate NSExceptionDomains and keys to my info.plist file, as many other answers on here have suggested, and this error does not seem to go away.
I have:
NSTemporaryExceptionAllowsInsecureHTTPLoads = YES
NSThirdPartyExceptionRequiresForwardSecrecy = NO
NSTemporaryExceptionMinimumTLSVersion = 1.0
NSIncludesSubdomains = YES
I am trying to make HTTPS requests to an Amazon EC2 instance (Linux).
Finally fixed the problem. Turns out I was missing a "www" in front of the URL I was trying to access. The SSL certificate was registered with the "www" in the domain name, and this inconsistency was throwing an error.
This might also explain why the error only occurs on mobile data, but I'm not too clear on the specifics so maybe someone else can explain that.
Related
I am loading a https URL in WKWebView and inside that few images are coming from HTTP URL which is loading perfectly fine on enabling NSAllowsArbitraryLoads in info.plist file in iOS 9. But on iOS 10 and above it is not loading the HTTP images. I read Apple and followed all possible way but no luck.
Add the below line in info.plist,
NSAllowsArbitraryLoadsInWebContent
and set its value as YES
Allowing Insecure Connection to a Single Server
fetching media from an insecure server use below
NSAppTransportSecurity
NSExceptionDomains
"media-server.example.com"
NSExceptionAllowsInsecureHTTPLoads = YES
Apple warnings
Important: Before implementing this exception, consider that a
seemingly-benign network request can cause security problems of the
sort that ATS is intended to mitigate. For example, fetching media
from an insecure server entails the following risks, among others: An
attacker can see the media file a user is accessing Your app’s attack
surface expands, for example, by allowing a bad actor to feed your app
a malicious file intended to trigger a buffer overrun Avoid this
connection type if possible.
The App Transport Security (ATS) keys are:
NSAllowsArbitraryLoads
NSAllowsArbitraryLoadsForMedia
NSAllowsArbitraryLoadsInWebContent
NSExceptionAllowsInsecureHTTPLoads
NSExceptionMinimumTLSVersion
You can get more info from NSAppTransportSecurity
I have pushed a Phoenix app to Heroku and it is running fine, apart from connecting to a channel from iOS.
Channels over the browser work as expected.
In iOS I am using PhoenixWebSocket, and in dev env, connecting to the local Phoenix app works as expected.
The problem I am getting is when I point the web socket url to the Heroku app I get the following error:
Error Domain=WebSocket Code=301 "Invalid HTTP upgrade" UserInfo={NSLocalizedDescription=Invalid HTTP upgrade}
Looking around for the error message earlier today, I found a post from Chris McCord, I think it was, saying that this error message is a result of the server refusing to upgrade the request.
However, I've looked around Heroku and found that; Websockets functionality is supported for all applications.
So I'm confused as to whether my problem is on the iOS side, or the Heroku side.
I have pushed Chris's example chat application to Heroku, and tried to connect with the demo app that comes with PhoenixWebSocket, but get the same error.
Has anyone else managed to get web socket requests working between iOS and Heroku hosting a Phoenix app?
Would anyone know if there is something differently I need to do with the request in iOS before trying to join the channel? Or, maybe there is something with the Heroku setup relating to web sockets that I've missed?
The url for the request in iOS:
let url = NSURL(string: "ws://app-name-32793.heroku.com/socket/websocket")!
Many thanks to anyone that can help, and please let me know if there's anything else I can supply to help.
Paul
I know this is old but one possible issue is you may need to connect via https/wss. So either
let url = NSURL(string: "wss://app-name-32793.heroku.com/socket/websocket")!
or:
let socket = Socket(domainAndPort: "app-name-32793.heroku.com", path: "socket", transport: "websocket", prot: "https", params: [])
Does anyone know anything about this error: "Error: Failed to load skin for error: NSURLError Domain"
After trying to open a download link in order to reskin an app on an iPad, I get the above error. The interesting/annoying thing about this is that it is not followed by any error code, which is making it difficult to search for in the forums as all of the results that I get include an error code e.g.: "NSURLErrorDomain error -1012"
The re-skinning has worked for another skin, but not for the one I'm working on now.
Any ideas? Any recommendations for diagnostic tests etc.?
NSURLErrorDomain error -1012 is kCFURLErrorUserCancelledAuthentication, meaning that the server issued an authentication challenge that was subsequently rejected. Causes for rejection vary, but could be invalid password supplied, or because the authentication challenge was not handled at all. It's hard to say without seeing the code.
Have resolved this now. Turned out that the URL I was using was simply incorrect.
My question is similar to this question.
I am trying to check revocation list only using the local CRL.
I am using X509Chain.Build() with the following parameters:
var chainMachine = new X509Chain(true);
chainMachine.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
chainMachine.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromSeconds(30);
chainMachine.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
chainMachine.ChainPolicy.VerificationTime = DateTime.Now;
chainMachine.ChainPolicy.RevocationMode = X509RevocationMode.Offline;
But i get the following errors:
RevocationStatusUnknown => The revocation function is unable to check revocation for the certificate.
OfflineRevocation => The Revocation function was unable to check revocation for the certificate because the revocation server is
offline.
The weird thing is that once I try to check the revocation list online (as a result the CRL will be updated), the issue is resolved. so it looks that once there is anything in the cache the issue cannot be reproduced anymore.
I thought that maybe the error message is incorrect and what actually happens is that when the cache is empty there is some exception that causes this message to pop up.
another option is that maybe there is some flag that saying whether the cache has been updated sometime, and if it has never been updated it tries to get the info from an outside server
can anyone point out what is the reason for this issue?
X509RevocationMode.None: Do not check CRLs or OCSP.
X509RevocationMode.Offline: If a CRL is cached and still valid, use it for revocation. Otherwise, if the certificate should have had revocation checked (depending on EntireChain/ExcludeRoot/EndCertificateOnly), report OfflineVerification|RevocationStatusUnknown. (OCSP responses may also be cached if their nextUpdate value suggests to; but I'm not sure if it does or not).
X509RevocationMode.Online: If an OCSP endpoint is described in the certificate perform an OCSP check. If OCSP does not yield a conclusive answer and a CRL Distribution Point is defined, check the cache for the CRL. If it is valid, use it as the basis of revocation; otherwise download the CRL and cache it. If all attempts to find a revocation status fail, set RevocationStatusUnknown.
Offline mode is tricky, due to CRL expiration. Even if you just did an Online request an hour ago, it doesn't mean that Offline will work now. The best use I can think of for it is making the happy path fast; and if you get any errors other than RevocationStatusUnknown or OfflineRevocation then consider the chain failed... but either of those means ask again with Online mode.
(As can be determined via http://referencesource.microsoft.com, Offline corresponds to CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY, which is about as sparsely documented at https://msdn.microsoft.com/en-us/library/windows/desktop/aa376078(v=vs.85).aspx, but perhaps the "Check Cache Only" part is more enlightening)
We already have Facebook working on our main desktop app without an issue. When I added the same setup code to our mobile site I received an error from the JavaScript SDK:
Received message of type object from https://s-static.ak.facebook.com, expected a string
Then, I changed the setup code to an exact replica from here: https://developers.facebook.com/docs/guides/mobile/web/ and received the exact same message.
This error only shows when the user-agent is iOS or Android in Chrome Developer Tools or in the iOS Simulator. When it's running from the desktop, we aren't seeing this error.
Any idea what's going on here?
Thanks :)
With all due respect, I believe that bokonic's answer is missing the point. The immediate reason of the message you're receiving is most likely javascript postMessage method. It is used to communicate your website with an object returned by window.open or an iframe's embedded website.
window.parent.postMessage(message, targetOrigin);
You might want to have a look at this article to see how it works.
According to MDN reference first argument of the postMessage method can be of any type. Still, Prior to Gecko 6.0 (Firefox 6.0 / Thunderbird 6.0 / SeaMonkey 2.3), the message parameter must be a string.
I tested the method on Chrome 28.0.1500.72 (latest version when writing this answer) and it works fine when passing an object but still throws the warning message to the console. I believe that facebook feels uncomfortable with passing some rich data as a string so they pass it as an object and simply doesn't care about the warning. Or, since there is a workaround (e.g. JSON.stringify), they have a bug they don't know about.
I had the same error. This isn't necessarily the reason you're getting it, but I ended up looking at the packets being received by my iphone simulator, and here's the error from s-statick.ak:
[truncated] <span>Given URL is not allowed by the Application configuration.: One or more of the given URLs is not allowed by the App's settings. It must match the Website URL or Canvas URL, or the domain must be a subdomain of one o
For me, the error is that on my device(s), I'm accessing the site through an ip address (192.168.xx etc) and on local development I have hosts routing localhost to a url that is in my facebook app config... so the IP isn't configured for the app.
Facebook won't let me use an IP address, so it seems like the only option is a test deploy or a DNS server. Hope this helps you out.