iOS 9 self-signed certificate and App Transport Security - ssl

I've spent a while trying to get this working. I have an API that I'm connecting to that I'm trying to switch to SSL with self-signed certificates. I have control of the server and the app.
I generated a self signed cert according to this:
https://kyup.com/tutorials/create-ssl-certificate-nginx/
sudo openssl genrsa -des3 -out ssl.key 2048
sudo openssl req -new -key ssl.key -out ssl.csr
sudo cp ssl.key ssl.key.orig && sudo openssl rsa -in ssl.key.orig -out ssl.key
sudo openssl x509 -req -days 365 -in ssl.csr -signkey ssl.key -out ssl.crt
I've tried some config options on the server (NGINX)
ssl on;
ssl_certificate /etc/nginx/ssl/ssl.crt;
ssl_certificate_key /etc/nginx/ssl/ssl.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
ssl_prefer_server_ciphers on;
And on the client side I've tried some different options with ATS:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
and
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>test.example.com (NOT REALLY MY DOMAIN)</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
</dict>
and
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>test.example.com (NOT REALLY MY DOMAIN)</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
Depending on different ATS options I get errors:
An SSL error has occurred and a secure connection to the server cannot be made.
or
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
The certificate for this server is invalid. You might be connecting to a server that is pretending to be “MYDOMAIN” which could put your confidential information at risk.
Any ideas? Anyone else struggle with self signed certs?
P.S. I'm on OS X 10.11.2 Beta, Xcode 7.1.1

I figured out the issue. It has nothing to do with App Transport Security. I had to make sure that iOS trusts the certificate since it's not from a trusted authority.
The old school way of doing this by overriding NSURLRequest.allowsAnyHTTPSCertificateForHost doesn't work.
Since I'm using NSURLSession you have to do it with this:
- (id) init {
    self = [super init];
    // The session delegate (self) receives the authentication challenges.
    NSURLSessionConfiguration * config = [NSURLSessionConfiguration defaultSessionConfiguration];
    self.session = [NSURLSession sessionWithConfiguration:config delegate:self delegateQueue:[NSOperationQueue mainQueue]];
    return self;
}
- (void) URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential * _Nullable))completionHandler {
    // Returns a credential for the server's trust object as received, without evaluating it,
    // so whatever certificate the server presents is accepted.
    completionHandler(NSURLSessionAuthChallengeUseCredential,[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
}

Just need to add the .cer to SecTrust
func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Swift.Void) {
    if (challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust) {
        if let trust = challenge.protectionSpace.serverTrust,
           let pem = Bundle.main.path(forResource: "https", ofType: "cer"),
           let data = NSData(contentsOfFile: pem),
           let cert = SecCertificateCreateWithData(nil, data) {
            let certs = [cert]
            // Sets the bundled certificate as the anchor; the trust object is not
            // evaluated here before the credential is returned.
            SecTrustSetAnchorCertificates(trust, certs as CFArray)
            completionHandler(URLSession.AuthChallengeDisposition.useCredential, URLCredential(trust: trust))
            return
        }
    }
    // Pinning failed
    completionHandler(URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil)
}
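A stricter form of the delegate methods above, as an added example that is not part of the original answers: it trusts only the bundled certificate and evaluates the server's chain and host name before returning a credential. The class name PinnedSessionDelegate is hypothetical, the https.cer resource name is taken from the answer above, and SecTrustEvaluateWithError requires iOS 12 or later.

```swift
import Foundation
import Security

// Added example (hypothetical class name). Loads a DER-encoded certificate from the
// app bundle and accepts a server only if its chain validates against that certificate.
final class PinnedSessionDelegate: NSObject, URLSessionDelegate {
    private let anchors: [SecCertificate]

    init?(resource: String = "https", ext: String = "cer") {
        guard let url = Bundle.main.url(forResource: resource, withExtension: ext),
              let der = try? Data(contentsOf: url),
              let cert = SecCertificateCreateWithData(nil, der as CFData) else {
            return nil  // missing file or not DER: fail closed instead of trusting anything
        }
        anchors = [cert]
        super.init()
    }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        let space = challenge.protectionSpace
        guard space.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = space.serverTrust else {
            // Not a server-trust challenge: leave it to the system's default handling.
            completionHandler(.performDefaultHandling, nil)
            return
        }
        // Evaluate with the SSL policy for the requested host, so the certificate's
        // name has to match, and restrict the anchors to the bundled certificate.
        let policy = SecPolicyCreateSSL(true, space.host as CFString)
        let trusted = SecTrustSetPolicies(trust, policy) == errSecSuccess
            && SecTrustSetAnchorCertificates(trust, anchors as CFArray) == errSecSuccess
            && SecTrustSetAnchorCertificatesOnly(trust, true) == errSecSuccess
            && SecTrustEvaluateWithError(trust, nil)
        if trusted {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            // Any other certificate, or a name mismatch, ends the connection.
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}
```

The certificate has to name the host it is served from (on iOS 13 and later, in a subjectAltName entry); otherwise evaluation fails and the request is cancelled.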

Related

React native could not connect to development server. iOS 14.4 [react-native]

I don't know what is wrong with my react-native project
I wrote npx react-native run-ios --simulator "myDevice" and I have a red screen with the following messages:
Could not connect to development server.
Ensure the following:
Node server is running and available on the same network - run 'npm start' from react-native root
Node server URL is correctly set in AppDelegate
WiFi is enabled and connected to the same network as the Node Server
URL:
http://localhost:8081/index.bundle?platform=ios&dev=true&minify=false&modulesOnly=false&runModule=true&app=org.reactjs.native.example.citas
RCTFatal
__28-[RCTCxxBridge handleError:]_block_invoke
_dispatch_call_block_and_release
_dispatch_client_callout
_dispatch_main_queue_callback_4CF
CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE
__CFRunLoopRun CFRunLoopRunSpecific GSEventRunModal
-[UIApplication _run] UIApplicationMain main start 0x0
I changed my URL in Info.plist using my current computer's IP but it isn't working. I'm very confused about it. How can I connect my node server with react-native?
Thank you so much!
Here you have my settings:
Catalina 10.15.4
iOS 14.4
react-native-cli: 2.0.1
react-native: 0.64.2
node: v14.17.0
npm: v6.14.13
PodFile
require_relative '../node_modules/react-native/scripts/react_native_pods'
require_relative '../node_modules/@react-native-community/cli-platform-ios/native_modules'
platform :ios, '10.0'
target 'citas' do
config = use_native_modules!
use_react_native!(
:path => config[:reactNativePath],
# to enable hermes on iOS, change `false` to `true` and then install pods
:hermes_enabled => false
)
target 'citasTests' do
inherit! :complete
# Pods for testing
end
# Enables Flipper.
#
# Note that if you have use_frameworks! enabled, Flipper will not work and
# you should disable the next line.
#use_flipper!()
post_install do |installer|
react_native_post_install(installer)
end
end
Info.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>en</string>
<key>CFBundleDisplayName</key>
<string>citas</string>
<key>CFBundleExecutable</key>
<string>$(EXECUTABLE_NAME)</string>
<key>CFBundleIdentifier</key>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>$(PRODUCT_NAME)</string>
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>1.0</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
<string>1</string>
<key>LSRequiresIPhoneOS</key>
<true/>
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSAllowsArbitraryLoadsInWebContent</key>
<true/>
<key>NSAllowsLocalNetworking</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>jsCodeLocation = [NSURL URLWithString:@"http://192.168.0.19:8081/index.ios.bundle?platform=ios&dev=true"];</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
</dict>
<key>NSLocationWhenInUseUsageDescription</key>
<string></string>
<key>UILaunchStoryboardName</key>
<string>LaunchScreen</string>
<key>UIRequiredDeviceCapabilities</key>
<array>
<string>armv7</string>
</array>
<key>UISupportedInterfaceOrientations</key>
<array>
<string>UIInterfaceOrientationPortrait</string>
<string>UIInterfaceOrientationLandscapeLeft</string>
<string>UIInterfaceOrientationLandscapeRight</string>
</array>
<key>UIViewControllerBasedStatusBarAppearance</key>
<false/>
</dict>
</plist>
I'd been stuck for days and the problem was related to Watchman permissions. See the verified solution; I hope this helps someone.
Homebrew Permissions for Watchman on Muti-user Mac
Are you sure you have a simulator named "myDevice"?
Normally, we use the name of the device for example, iPhone 12 Pro
react-native run-ios --simulator="iPhone 12 Pro"
Can you try running this once
Also, you do not need to specify the ip address of your local machine, just writing localhost is enough
<dict>
<key>localhost</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>

"During our review of your extension we found that the Info.plist is missing the 'Website' field" while submitting to the Safari extension gallery

While submitting the Safari extension to the Safari extension gallery I am getting the query "During our review of your extension we found that the Info.plist is missing the 'Website' field."
URL is already mentioned in the plist file.
info.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Author</key>
<string>OpenText</string>
<key>Builder Version</key>
<string>13606.2.104</string>
<key>CFBundleDisplayName</key>
<string>DCMExtension</string>
<key>CFBundleIdentifier</key>
<string>com.emc.documentum.CTF</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleShortVersionString</key>
<string>1.1</string>
<key>CFBundleVersion</key>
<string>1</string>
<key>Chrome</key>
<dict>
<key>Global Page</key>
<string>global.html</string>
</dict>
<key>Content</key>
<dict>
<key>Scripts</key>
<dict>
<key>End</key>
<array>
<string>ContentScript.js</string>
</array>
</dict>
</dict>
<key>Description</key>
<string>Assists in content transfer of files in xCP, D2 and Webtop applications</string>
<key>DeveloperIdentifier</key>
<string>4B9GHJ9X43</string>
<key>ExtensionInfoDictionaryVersion</key>
<string>1.0</string>
<key>Permissions</key>
<dict>
<key>Website Access</key>
<dict>
<key>Include Secure Pages</key>
<true/>
<key>Level</key>
<string>All</string>
</dict>
</dict>
<key>URL</key>
<string>https://raw.github.com/d2user/safari/master/DCMExtension.safariextz</string>
<key>Update From Gallery</key>
<true/>
</dict>
</plist>
I just had one more doubt that while submitting the extension it was asking about the website in submission form
submission in safari extension gallery
I am keeping the website blank. Is that causing the problem, and do I need to mention just the website of the product or where we are downloading it from?
Does it also have any references for that in the info.plist? Any hint on this!!!
We need to add website in the info.plist
<key>Website</key>
<string>https://github.com/spadin/js-beautify-safari-extension</string>
https://github.com/spadin/js-beautify-safari-extension/blob/master/Info.plist

IOS React Native fetch() POST : Network Request Failed

1) The following code gives me an error on iOS but works on Android.
2) On iOS I can make a fetch with "get" but "post" fails.
So this doesn't work on iOS:
var data = new FormData();
data.append("fileUpload", { uri: imageUri, name: filename, type: "image/jpeg" });
data.append("filename", filename);
data.append("name", "uploadedFile");
const config = {
method: "POST",
headers: {
Accept: "application/json",
"Content-Type": "multipart/form-data;"
},
body: data
};
return fetch(url, config).then((response) => response.json())
.then(res => { return res ;})
.catch(error => {
console.error(error);
return { name: "network error", description: "" };
});
I tried to fix the Info.plist on iOS according to other posts (like React Native fetch() Network Request Failed) but the error is still there.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>en</string>
<key>CFBundleDisplayName</key>
<string>myapp</string>
<key>CFBundleExecutable</key>
<string>$(EXECUTABLE_NAME)</string>
<key>CFBundleIdentifier</key>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>$(PRODUCT_NAME)</string>
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>1.0</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
<string>1</string>
<key>LSRequiresIPhoneOS</key>
<true/>
<!-- I added this block -->
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSAllowsArbitraryLoadsInWebContent</key>
<true/>
</dict>
<!-- end of the block I added -->
<key>NSCameraUsageDescription</key>
<string>Your message to user when the camera is accessed for the first time</string>
<key>NSLocationWhenInUseUsageDescription</key>
<string></string>
<key>NSMicrophoneUsageDescription</key>
<string>Your message to user when the microsphone is accessed for the first time</string>
<key>NSPhotoLibraryUsageDescription</key>
<string>Your message to user when the photo library is accessed for the first time</string>
<key>UIAppFonts</key>
<array>
<string>Zocial.ttf</string>
<string>Feather.ttf</string>
</array>
<key>UILaunchStoryboardName</key>
<string>LaunchScreen</string>
<key>UIRequiredDeviceCapabilities</key>
<array>
<string>armv7</string>
</array>
<key>UISupportedInterfaceOrientations</key>
<array/>
<key>UIViewControllerBasedStatusBarAppearance</key>
<false/>
<key>LSApplicationCategoryType</key>
<string></string>
</dict>
</plist>
I tried restarting Xcode, cleaning the project and rebuilding everything.
Any advice? Thanks
iOS does not allow insecure HTTP requests. In order to do so, you have to add your domain as an exception inside your info.plist.
Add the following:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>yourserver.com</key>
<dict>
<!--Include to allow subdomains-->
<key>NSIncludesSubdomains</key>
<true/>
<!--Include to allow HTTP requests-->
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<!--Include to specify minimum TLS version-->
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>

Disabling & Enabling is not launching the finder sync extension

Finder Sync Extensions can be enabled or disabled from the extension's settings in System Preferences.
My Extension isn't launching with the application, even when the check mark for the extension is enabled.
So to launch the extension, I disable my extension and enable it again. This isn't launching the extension app either.
I thus wanted to know if I am missing any aspect here.
Note: If the app is running, and I disable the extension, it quits the extension app (it takes some time to do so).
My Finder Sync Extension's Info.Plist.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>en</string>
<key>CFBundleDisplayName</key>
<string>My Finder Integration</string>
<key>CFBundleExecutable</key>
<string>$(EXECUTABLE_NAME)</string>
<key>CFBundleIdentifier</key>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>$(PRODUCT_NAME)</string>
<key>CFBundlePackageType</key>
<string>XPC!</string>
<key>CFBundleShortVersionString</key>
<string>1.0</string>
<key>CFBundleVersion</key>
<string>1</string>
<key>LSMinimumSystemVersion</key>
<string>$(MACOSX_DEPLOYMENT_TARGET)</string>
<key>LSUIElement</key>
<true/>
<key>NSExtension</key>
<dict>
<key>NSExtensionAttributes</key>
<dict/>
<key>NSExtensionPointIdentifier</key>
<string>com.apple.FinderSync</string>
<key>NSExtensionPrincipalClass</key>
<string>FinderSync</string>
</dict>
<key>NSHumanReadableCopyright</key>
<string>Copyright © **** All rights reserved.</string>
<key>NSPrincipalClass</key>
<string>NSApplication</string>
<key>NSSupportsAutomaticGraphicsSwitching</key>
<true/>
</dict>
</plist>
According to this documentation, the value for the key NSExtensionPrincipalClass should include the module name separated by a .:
<string>$(PRODUCT_MODULE_NAME).FinderSync</string>

Testflightapp, AIR iOS app upload error

I have trouble uploading an AIR iOS app; it always says:
"Invalid Profile: distribution build entitlements must have get-task-allow set to false."
step 1:
I package the app with the adhoc provision file, failed.
step 2:
I added something to xml file.
<iPhone>
<InfoAdditions><![CDATA[
<key>Entitlements</key>
<dict>
<key>get-task-allow</key>
<false/>
</dict>
....
still failed.
<iPhone>
<InfoAdditions><![CDATA[
<key>UIDeviceFamily</key>
<array>
<!-- iPhone support -->
<string>1</string>
<!-- iPad support -->
<!--<string>2</string>-->
</array>
]]></InfoAdditions>
<Entitlements>
<![CDATA[
<key>get-task-allow</key>
<false/>
]]>
</Entitlements>
<requestedDisplayResolution>high</requestedDisplayResolution>
</iPhone>