I am working on an iOS app that is communicating with a Worklight server thanks to the iOS SDK provided by Worklight.
I would like to integrate the AppConnect SDK (MDM) to the project in order to do some tunneling on communications.
For this, I have to overload an NSURLConnectionDelegate method to add some AppConnect-related certificate configuration to an HTTP request :
- (void) connection: (NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge;
The problem is that NSURLConnections and NSURLRequests are encapsulated by the Worklight iOS library : the method that I use to make calls is
[[WLClient sharedInstance] invokeProcedure:myInvocation withDelegate:self options:serviceOptions];
So I can't see the NSURLConnections and NSURLRequests, and I can't overload the NSURLConnectionDelegate method...
That's why I would like to know : is it possible to overload the HTTP behavior of the Worklight iOS library in this way ? And if it is possible, how can I do it ?
If you need to add header, you can use the options in invokeProcedure.
In case you need more complicated things, I would suggest using NSURLProtocol -> https://developer.apple.com/library/ios/documentation/Cocoa/Reference/Foundation/Classes/NSURLProtocol_Class/index.html
Related
In my app I need to call some REST API service calls. The certificate on the target development server where REST API services are deployed is self signed. So when I am running app I am getting error like:
Failed to load resource: The certificate for this server is invalid. You might be connecting to a server that is pretending to be “192.168.10.20:8080” invalid.....which could put your confidential information at risk.
As this server is only for dev/testing purpose so I simply wants to ignore ssl check ... How can I achieve it? I tried following way:
[AppDelegate.m file] but didn't succeeded as below code is not working in iOS 11 ...
#implementation NSURLRequest(DataController)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
return YES;
}
#end
I am using ionic 3 & Cordova 7 in my app.
Thanks #peter I have found one more workaround for checking app in ios11 for testing purpose whether API's are getting hit properly or not. You can forcefully change the webview from WKWebView to UIWebview by adding below tag in config.xml
<preference name="CordovaWebViewEngine" value="CDVUIWebViewEngine" />
now add following code in Appdelegate.m file
#implementation NSURLRequest(DataController)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
return YES;
}
#end
it worked for me..!
Note:only for dev/testing purpose.not recommended for production deployments
Interestingly, I am just researching the same problem. Looks like in iOS 11 things are a bit more restricted. I am answering here for WKWebView.
In essence you need to do:
place custom auth code to the WKWebView plugin code
load resource directly from Cordova (then WKWebView events gets properly triggered)
disable ATS (NSAppTransportSecurity)
Detail description
What you should do in detail is the following (if you are using WKWebView):
You need to modify CDVWKWebViewEngine.m (plugin code). You need to add there:
- (void)webView:(WKWebView *)webView
didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge
*)challenge completionHandler:(void (^)
(NSURLSessionAuthChallengeDisposition
disposition, NSURLCredential *credential))completionHandler {
SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
completionHandler(NSURLSessionAuthChallengeUseCredential,
[NSURLCredential credentialForTrust:serverTrust]);
}
However, please note - this only works when WKWebView is initialized (i.e. loaded via cordova framework).
So you need to load your application also from that URI where API is. I presume you have local network (self signed certificate), so this should not be a problem. If you will load application locally (i.e. from index.html) then this wont work!
Additionally you need to disable iOS ATS in application *.plist setting file like:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
This is what works for me.
Additional resources:
Very nice testing site for different SSL scenarios (including self signed): https://badssl.com/
Apple forum discussion on this topic: https://forums.developer.apple.com/message/269452#269452
Disclamer: Disabling certificate check should be avoided, use this only if you have a very good reason or other restrictions. You still have communication security, but you have no trust. Hence men in the middle attack is possible! If you decide to go with this option, you should also use certificate pinning to make things more secure.
I recently had a problem associated with an invalid SSL certificate on a server.
In my application, I am using the WKWebView plugin, which has become a requirement to send applications to an App Store. It is in this plug-in that an adjustment needs to be made to ignore invalid SSL certificates, in the file "plugins/cordova-plugin-ionic-webview/src/ios/CDVWKWebViewEngine.m", includes:
- (void)webView:(WKWebView *)webView didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential))completionHandler {
NSLog(#"Allow all");
SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
CFDataRef exceptions = SecTrustCopyExceptions (serverTrust);
SecTrustSetExceptions (serverTrust, exceptions);
CFRelease (exceptions);
completionHandler (NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:serverTrust]);
}
As a result, the application will not take into account invalid SSL certificates.
References of https://developer.apple.com/forums/thread/15610
Remembering that it is not recommended to do this in applications in production, because invalid SSL certificates can compromise the security of the application.
I have an app working just fine on iOS 9 with a Custom NSURLProtocol implemented with NSURLSession. All the requests executed by the client are done with NSURLSession as well and each sessionConfiguration is registering to the protocol before executing the request.
I have an issue with iOS 8 that I don't have with iOS 9. With iOS8 the Custom NSURLProtocol is performing that request non stop, basically an infinite loop of the same request. canInitWithRequest: in the custom protocol gets called way more on iOS 8 than on iOS 9 which basically drives the method startLoading to get called and fire the request after some header modifications that my protocol is supposed to perform.
Is there a known issue with iOS8 where NSURLProtocols and NSURLSession don't behave as expected?
I'm not aware of any problems like that, no.
This sounds like your protocol is either:
Failing to detect its own header modifications for some reason
Failing to make the modifications for some reason
Failing to return NO when your protocol is asked if it should handle a request that already contains the modified headers
Be sure that you are using a header field for the purpose of detecting whether to handle the request. There's no guarantee that the specific NSURLRequest object that you pass down into the machinery will come back to you. I'm not even sure I would trust propertyForKey:inRequest:, but that might make me too paranoid.
Critically, don't ever subclass NSURLRequest when working with NSURLSession. In iOS 9, it almost works. The farther back you get, the more broken the behavior, until by iOS 7 you're pretty much relegated to using NSURLConnection. :-)
I am developing an Chatting app for iOS platform. I am using XMPP framework downloaded from https://github.com/robbiehanson/XMPPFramework.
Initially server was not having certificates installed, it was a plain HTTP service. But now certificate authentication is required because now certificate is installed and need to support HTTPS protocol. I Tried just implementing following method,
- (void)xmppStream:(XMPPStream *)sender didReceiveTrust:(SecTrustRef)trust
completionHandler:(void (^)(BOOL shouldTrustPeer))completionHandler;
But now it is not connecting to that server or certificate validation is not happening.
Any idea apart from above delegate method do we need to set up any other thing ?
To connect to server i am using following method,
- (BOOL)connectWithTimeout:(NSTimeInterval)timeout error:(NSError **)errPtr
Regards,
Bhat
I resolved the above issue by setting the isSecure values as YES.
The following method was not publicly available for other classes in XMPPStream class.
-(void)setIsSecure:(BOOL)flag
By setting the above value am able to connect the port 5223 and SSL handshake works perfectly..
Regards,
Chandrika
Is there a callback for failed media playbacks in the Google Cast iOS Framework? I wasn't able to find anything useful in the documentation or the sample apps on github.
Specifically, I'm looking for load errors of HLS streams... So in case CORS isn't properly configured, the parsing of *.m3u8 files fails, I want the sender iOS app to know about.
This is the closest I have found:
- (void)deviceManager:(GCKDeviceManager *)deviceManager didFailToConnectToApplicationWithError:(NSError *)error
- (void)deviceManager:(GCKDeviceManager *)deviceManager didFailToConnectWithError:(NSError *)error
However, if connecting to the device, and launching the receiver application succeed, these callbacks will never fire.
Thanks for your help!
Found it!
- (void)mediaControlChannel:(GCKMediaControlChannel *)mediaControlChannel didFailToLoadMediaWithError:(NSError *)error
I am using NSURLConnection for accessing webservices.
I am getting proper response in iOS 4.3 but If I run the same code in iOS5 I am getting NULL response.
What are the changes do I need to make to the existing NSURLConnection delegates to work successfully.
I have implemented NSURLConnectionDataDelegate & NSURLConnectionDelegate. Even then its not working.
Thanks in advance.
You have some changes with NSURLConnection class in iOS 5 (some delegate methods are now deprecated).
You can find a good post about it here : NSUrlConnection Class Changes