I created a web view controller and it loads https sites(ex: , ) but not http, non ssl secured sites(ex: http://bswd.us, http://www.barretthillins.com). When i do put a hhtp site in there, it does load but just a blank, white web view. How would i need to fix this?
This is due to the App Transport Security, a new protocol introduced by Apple at WWDC 2015. It doesn't allow any connections that are not HTTPS. You can disable it, however it's not recommended as it secures your app.
To disable it you have to edit the App's .plist. Simply right-click the .plist file and select Open As -> Source File and add the following code:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key><true/>
</dict>
This will allow HTTP requests.
Hope that helps, Julian.
You can also allow access to http content just through webviews, by adding this instead:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoadsInWebContent</key>
<true/>
</dict>
Related
In the app I'm working on, I need to handle 3-D Secure redirects from our payment service provider. These redirects point to a web page of the card issuer that is shown in a WKWebView to the user in the app.
This works all the time except one case where the WKWebView doesn't load for https://3dsecure.csas.cz/ and fails with the following error:
Error Domain=NSURLErrorDomain
Code=-1200
"An SSL error has occurred and a secure connection to the server cannot be made."
What's interesting is that the same URL loads with no problems in Safari or in SFSafariViewController. Even the server's certificate is okay:
I've tried to play around with NSAppTransportSecurity settings in app's Info.plist file, specifically enable NSAllowsArbitraryLoadsInWebContent and NSAllowsArbitraryLoads but it does have no effect.
Forward Secrecy
It turns out that the server for 3dsecure.csas.cz does not support Forward Secrecy: https://www.ssllabs.com/ssltest/analyze.html?d=3dsecure.csas.cz&s=194.50.240.77
Perfect forward secrecy is required by App Transport Security in iOS9 and above for all app connections, including webviews (not including Safari, however)
ATS Debugging
Running the following command in Terminal runs ATS diagnostics and tells more about the problem and how to solve it:
/usr/bin/nscurl --ats-diagnostics --verbose https://3dsecure.csas.cz
ATS Exception in the app
Allowing the webview in the app to connect to a specific server that does not support forward secrecy could be done by adding the following in the Info.plist file:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>3dsecure.csas.cz</key>
<dict>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
</dict>
Not future-proof
This exception needs to be added for every single domain that does not support forward secrecy. Unfortunately, It's impossible to know all the 3-d secure servers in advance as they come as redirects from the payment provider.
What I don't know is if not requiring forward secrecy could be set for any domain, globally, and just within a specific webview, without affecting the whole app.
In iOS9, I can't download image form two domain.
Always only one domain's image can download.
The error message show that
error:Error Domain=NSURLErrorDomain Code=404
I already add this
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
Anyone can help me?
There is a little bit too less of information to give a definite answer. It does not seem to be an authentication or security issue.
However: 404 means, the URL (File) you are trying to reach cannot be found, are you sure the link/url is correct?
This question already has answers here:
How do I load an HTTP URL with App Transport Security enabled in iOS 9? [duplicate]
(8 answers)
Closed 7 years ago.
The following code works fine before iOS8.4.1 (includ 8.4.1). While it ruturns nil in iOS9.0.1. Is it a bug or there is a public annoucement for this change? I tested with two iPads.
let url = NSURL(string: "http://www.mapshots.com/wp-content/uploads/2014/05/mapshots-ag-studio-agricultural-mapping-software-logo.png")
let data = NSData(contentsOfURL: url!)
NSLog("Data length #%", (data?.length)!)
This is an issue related to ATS(App Transport Security Protocol) changes made by Apple in iOS 9. By default iOS9 disregard communication with http protocol. Your URL should be https. However you can include exception for specific domains in your app or you can allow all http communication to be allowed from within your app.
Check the Documentation for full details.
To Allow all http domains from your application, you should add
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
But as Apple has recommended these new settings, you should chose to add exception for this specific domain in your app rather than allowing all http domains. Check this thread to achieve this.
With iOS 9 you can't call an HTTP anymore because the ATS (App Transport Security) calls should be HTTPS. To work with HTTP links, you should insert the following key in the info.plist file to disable the ATS:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key><true/>
</dict>
create a new voice in the info.plist file "NSAppTransportSecurity" like dict.
insert in it the key "NSAllowsArbitraryLoads" like boolean and set to YES
;-)
I am currently having problems using a WebView with this API to login to my app. I feel like I've set up something wrong somewhere, but can't put my finger on it.
Here's the error I'm getting :
Given URL is not allowed by the Application configuration code:191
I've set up my application descriptor like this (the x's are my app id)
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleURLSchemes</key>
<array>
<string>fbxxxxxxxxxxxxxxx</string>
</array>
</dict>
</array>
<key>CFBundleURLName</key>
<string>xxxxxxxxxxxxx</string>
I don't know if I need to add a setting in my facebook app page, but I've enabled embedded browser login and that's it.
Am I forgetting something here ?
Thanks for the help !
The problem can be caused by many things. I've used this and it helped me a lot:
http://afterisk.wordpress.com/2013/02/26/first-free-facebook-single-sign-on-sso-adobe-air-native-extension-for-android/
It important to follow almost every step as there are multiple properties in Facebook that you must set.
Second, check this SO: Facebook API error code 191
I don't know what's the url that you open - it's best to get it as login url from FB.
I hope that helps and will solve your problem :)
I'm currently work on a iOS/Phonegap app, I want to have it respond to a custom URL scheme, so that when a person clicks on a link in the regular browser it will open the app to a specific page, where said page is actually an external page. The app thus far essentially acts as a web browser where external (web) content is displayed in ChildBrowser.
I am 95% certain I need to use the following method in AppDelegate.
- (BOOL) execute:(InvokedUrlCommand*)command{}
And I know I need to use the following to create my command.
+ (InvokedUrlCommand*) newFromUrl:(NSURL*)url;
My problem is that I've been unable to find any examples online of doing this. I know the url passed to newFromUrl needs to be in the format of yourscheme://<sessionKey>#<Class>.<command>/[<arguments>][?<dictionary>] But in this case, my [<arguments>] would be a regular url of the form "http://www.google.com".
Can some one give a concrete real-world example?
This is implemented in current versions of PhoneGap so that all you need to do is add you custom URL to the App-info.plist file. Here is a sample of the XML:
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleURLName</key>
<string>com.cams.myapp</string>
<key>CFBundleURLSchemes</key>
<array>
<string>myApp</string>
</array>
</dict>
</array>
You should use the Property editor to edit this file and get the format correct.