Heyy, I have spent the last day or so racking my brain trying and failing to disable the ATS, I know it is deemed bad too, but I am currently only working on the app internally. I have tried many suggestions online to no avail, latest try below of info.plist. I am lost as to what to do?
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>en</string>
<key>CFBundleExecutable</key>
<string>$(EXECUTABLE_NAME)</string>
<key>CFBundleIdentifier</key>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>$(PRODUCT_NAME)</string>
<key>CFBundlePackageType</key>
<string>BNDL</string>
<key>CFBundleShortVersionString</key>
<string>1.0</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
<string>1</string>
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>localhost</key>
<dict>
<!--Include to allow subdomains-->
<key>NSIncludesSubdomains</key>
<true/>
<!--Include to allow HTTP requests-->
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<!--Include to specify minimum TLS version-->
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
</dict>
</plist>
Debug console eror print
error=Optional(Error Domain=NSURLErrorDomain Code=-1022 "The resource
could not be loaded because the App Transport Security policy requires
the use of a secure connection."
UserInfo={NSUnderlyingError=0x7f9670e85620 {Error
Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"},
NSErrorFailingURLStringKey=http://localhost/sfc/manualorder.php,
NSErrorFailingURLKey=http://localhost/sfc/manualorder.php,
NSLocalizedDescription=The resource could not be loaded because the
App Transport Security policy requires the use of a secure
connection.})
If you want to disable ATS, you can just add this to the Info.plist
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
And when you're finished working on your app, you can re enable it and go granular with whitelisting your domains.
Like this, the first includes all subdomains and the second does not:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>maindomain.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
<key>other.domain.net</key>
<dict>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
</dict>
One added step that you may require if you're testing on simulator, is to both clean the project and reset the content and settings of the simulator, then build and run again.
Related
I am developing flutter ios app with frebase. I want to login to the app using sms authentication. When i am running the app it is fetching details from db. But it is showing the error in app launching time.
The error is
- [Firebase/Core][I-COR000004] App with name __FIRAPP_DEFAULT does not exist.
In the xcode i have enabled the enabled "Push Notifications" and "Remote Notifications" for removing captcha in OTP verification.
But if i disabled "Push Notifications" and "Remote Notifications" it will show captcha. And after verifying captcha it send SMS.
- [Firebase/Core][I-COR000004] App with name __FIRAPP_DEFAULT does not exist. in application open.
i given below main.dart file
final FirebaseApp app = await FirebaseApp.configure(
name: myApp,
options: const FirebaseOptions(
googleAppID: '1:57979xxxxx:ios:c9d1031xx',
gcmSenderID: '58989xxxxx6',
apiKey: 'AIzaSyANwavsssasxxxxxxxxxxxKBNF7I',
projectID: 'myApp',
),
);
The SMS verification code is
await firebaseAuth.verifyPhoneNumber(
phoneNumber: "+91"+phoneNumber,
timeout: Duration(seconds: timeOut),
codeAutoRetrievalTimeout: autoRetrieve,
codeSent: smsCodeSent,
verificationCompleted: verifiedSuccess,
verificationFailed: veriFailed);
final PhoneVerificationFailed veriFailed = (AuthException exception) {
print("ERROR");
print('${exception.message}');
throw new Exception(exception);
};
When i enabled "Push Notifications" and "Remote Notifications"
It will show the error in "veriFailed" function . The error is
Invalid Token and
PlatformException(ERROR_MISSING_VERIFICATION_ID, The phone auth credential was created with an empty verification ID., null)
The info.plist is
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>APS Environment</key>
<string>production</string>
<key>CFBundleDevelopmentRegion</key>
<string>en</string>
<key>CFBundleDisplayName</key>
<string>My App</string>
<key>CFBundleExecutable</key>
<string>$(EXECUTABLE_NAME)</string>
<key>CFBundleIdentifier</key>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>My App</string>
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>$(FLUTTER_BUILD_NAME)</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleTypeRole</key>
<string>Editor</string>
<key>CFBundleURLSchemes</key>
<array>
<string>fb3xxxxxxxxx</string>
</array>
</dict>
<dict>
<key>CFBundleTypeRole</key>
<string>Editor</string>
<key>CFBundleURLSchemes</key>
<array>
<string>com.googleusercontent.apps.xxxxxxxxxxxxxxx</string>
</array>
</dict>
<dict>
<key>CFBundleTypeRole</key>
<string>Editor</string>
<key>CFBundleURLSchemes</key>
<array>
<string>com.myapp.app</string>
</array>
</dict>
</array>
<key>CFBundleVersion</key>
<string>$(FLUTTER_BUILD_NUMBER)</string>
<key>FacebookAppID</key>
<string>334xxxxxxxx</string>
<key>FacebookDisplayName</key>
<string>My App</string>
<key>FirebaseAppDelegateProxyEnabled</key>
<false/>
<key>LSRequiresIPhoneOS</key>
<true/>
<key>NSLocationAlwaysAndWhenInUseUsageDescription</key>
<string>This application requires location services to work</string>
<key>NSLocationAlwaysUsageDescription</key>
<string>This application requires location services to work</string>
<key>NSLocationWhenInUseUsageDescription</key>
<string>This application requires location services to work</string>
<key>UILaunchStoryboardName</key>
<string>LaunchScreen</string>
<key>UIMainStoryboardFile</key>
<string>Main</string>
<key>UISupportedInterfaceOrientations</key>
<array>
<string>UIInterfaceOrientationPortrait</string>
</array>
<key>UISupportedInterfaceOrientations~ipad</key>
<array>
<string>UIInterfaceOrientationPortrait</string>
<string>UIInterfaceOrientationPortraitUpsideDown</string>
<string>UIInterfaceOrientationLandscapeLeft</string>
<string>UIInterfaceOrientationLandscapeRight</string>
</array>
<key>UIViewControllerBasedStatusBarAppearance</key>
<false/>
<key>io.flutter.embedded_views_preview</key>
<true/>
</dict>
</plist>
My pubspec.yaml is
firebase_core: ^0.4.0+8
firebase_auth: ^0.11.1+11
cloud_firestore: ^0.12.7
firebase_messaging: ^5.1.2
I don't know how to solve the issue please help me.
Swap lines in AppDelegate.swift to FirebaseApp is called before plugin.
FirebaseApp.configure()
GeneratedPluginRegistrant.register(with: self)
I solve the by changing auth plugin to
firebase_auth:
git:
url: https://github.com/collinjackson/plugins.git
ref: 441417c2fed0ff26bf84a49ab2c5ffd2aa5487de
path: packages/firebase_auth
After adding the plugin the problem solved. The plugin firebase_auth: ^0.11.1+11 is making the issues
I am using Alamofire to connect to a web service. It seems as if the server has an invalid certificate. I would like to have alamofire ignore this invalid cert. I added the following values to my info.plist:
<dict>
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>example.com</key>
<dict>
<key>TemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>
<key>ExceptionRequiresForwardSecrecy</key>
<false/>
<key>IncludesSubdomains</key>
<true/>
<key>ExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
But I am still getting this issue. What else should I do to allow this invalid cert?
UPDATE: Still having same issue.
I have an issue that appeared recently.
In my code, I load some images from an HTTP server:
let urlPicture = "http://images.mydomain.com/" + self.currentUser.pic
imageView.sd_setImageWithURL(NSURL(string: urlPicture))
I do not use HTTPS for my images server because I guess it would have been too slow, but maybe I'm wrong on this point.
A nodejs server is running in an AWS EC2 instance, and listens on port 80 to manage images.
Due to ATS restrictions, I declare an exception in my Info.plist file for my images subdomain:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>images.mydomain.com</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>
<key>NSExceptionRequiresForwardSecrecy</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSRequiresCertificateTransparency</key>
<false/>
<key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
<false/>
<key>NSThirdPartyExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<true/>
</dict>
</dict>
</dict>
Recently I added a new subdomain on the same AWS instance: https://api.mydomain.com
Another nodejs server listens on 443 port and manages the API.
Since this change, everything is fine in my app when I call the API, but when I load images I am facing the following issue:
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)
Any idea fo fix that?
I found the issue.
It was on server side, the HTTPS server running on the same AWS instance is configured with HSTS:
var ONE_YEAR = 31536000000;
app.use(helmet.hsts({
maxAge: ONE_YEAR,
includeSubdomains: true,
force: true
}));
The variable includeSubdomains set to true forces my other domain images.mydomain.com to use HTTPS protocol while it is a HTTP server.
To solve it, just exclude others domains in HSTS configuration:
var ONE_YEAR = 31536000000;
app.use(helmet.hsts({
maxAge: ONE_YEAR,
includeSubdomains: false,
force: true
}));
Can you add this in plist.
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
I added this to my app Info.plist file to opt out of ATS:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
Still getting this error when I try to do a GET request from my http resource (have no control over the server):
App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
My complete Plist file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key><true/>
</dict>
<key>CFBundleDevelopmentRegion</key>
<string>en</string>
<key>CFBundleExecutable</key>
<string>$(EXECUTABLE_NAME)</string>
<key>CFBundleIdentifier</key>
<string>com.owlpixel.xxxxx</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>$(PRODUCT_NAME)</string>
<key>CFBundlePackageType</key>
<string>FMWK</string>
<key>CFBundleShortVersionString</key>
<string>1.0</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
<string>$(CURRENT_PROJECT_VERSION)</string>
<key>NSPrincipalClass</key>
<string></string>
</dict>
</plist>
ATS should be disabled, why does it still block me? any ideas?
You should give following code in your plist.
NSAllowArbitraryLoads boolean yes
SOURCE for question is below
Transport security has blocked a cleartext HTTP
Try to find if there are a lot of .plist files in you Xcode project (or Workspace).
I had the same problem and it was resolved by finding all Info.plist files in my Workspace and adding NSAppTransportSecurity logic to responsible for external (http://) calls .plist file.
I'm trying to install a beta app to an iOS device and am hosting the manifest.plist and IPA file on HTTPS with a self-signed certificate. When I hit the itms-services:// link, I get an error of "Cannot connect to <ip address>".
itms-services link:
itms-services://?action=download-manifest&url=https://10.0.1.2:1338/ipa/manifest.plist
plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>items</key>
<array>
<dict>
<key>assets</key>
<array>
<dict>
<key>kind</key>
<string>software-package</string>
<key>url</key>
<string>https://10.0.1.2:1338/ipa/test.ipa</string>
</dict>
</array>
<key>metadata</key>
<dict>
<key>bundle-identifier</key>
<string>com.company.test</string>
<key>bundle-version</key>
<string>1.0</string>
<key>kind</key>
<string>software</string>
<key>title</key>
<string>test</string>
</dict>
</dict>
</array>
</dict>
</plist>
Try adding your certificate to the trusted ones (probably, easiest thing to do is to mail a cer file to device and open it from standard mail app to install).
Another thing you need to make sure is that your server supports TLS 1.2 and Forward Secrecy.
You can use nscurl --ats-diagnostics https://example.com/app.ipa to check if everything done right.
Its possible:
Create the certificate file (export as DER encode X.509)
Access file from device via HTTP (like the manifest.plist in your example)
Agree to install it in device
Turn it on: https://support.apple.com/en-au/HT204477