1

I am making an app that returns book reviews based on isbn. I am trying to load the Goodreads review widget in a web view but I am getting two errors:

CFNetwork SSLHandshake failed (-9824) and NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)

I have tried several other urls and get the same result.

Here is my code where I am calling the url: 

override func viewDidLoad() {
        super.viewDidLoad()

        let url = NSURL (string: "https://www.goodreads.com/api/index#book.show_by_isbn");
        let requestObj = NSURLRequest(URL: url!);
        webView.loadRequest(requestObj);
}

In the info.plist I have a goodreads.com dictionary within the Exception Domains dictionary. I included in goodreads.com NSIncludesSubdomains, NSExceptionsAllowsInsecureHTTPLoads, and NSExceptionsMinimumTLSVersion (set to TLSv1.1)

Is there something obvious that I am going wrong? Is the domain wrong?

EDIT: For anyone reading this later, I think I have solved it. This page (Does App Store reject submission if NSAllowsArbitraryLoads set to YES?) helped immensely.

The App Store will reject your app if you use NSAllowsArbitraryLoads. However, they will allow NSAllowsArbitraryLoadsInWebContent

Per Apple developer guidelines,

"Set this key’s value to YES to obtain exemption from ATS policies in your app’s web views, without affecting the ATS-mandated security of your NSURLSession connections. To support older versions of iOS and macOS (older than iOS 10), you can employ this key and still manually configure ATS. To do so, set this key’s value to YES and also configure the NSAllowsArbitraryLoads subways. If you add this key to your Info.plist file, then, irrespective of the value of the key, ATS ignores the value of the NSAllowsArbitraryLoads key."

Community
  • 1
  • 1
Olivia Murphy
  • 11
  • 2

3 Answers3

0

Try to add NSAppTransportSecurity in your project.plist and check whether your url request is working or not.

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

enter image description here

Natarajan
  • 3,241
  • 3
  • 17
  • 34
  • Yes, I have already researched this option. It correctly loads the url, but I have read NSAllowsArbitraryLoads is a hack that is not accepted by the App Store. I would like to eventually put this app on the store so I am looking for other options... Thanks for the suggestion though. – Olivia Murphy Sep 18 '16 at 18:06
0

If you want to allow specific domain use it this way it is more secure than allowing all

  <key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>yourserver.com</key>
    <dict>
      <!--Include to allow subdomains-->
      <key>NSIncludesSubdomains</key>
      <true/>
      <!--Include to allow HTTP requests-->
      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
      <true/>
      <!--Include to specify minimum TLS version-->
      <key>NSTemporaryExceptionMinimumTLSVersion</key>
      <string>TLSv1.1</string>
    </dict>
  </dict>
</dict>

Fix is easy add the line below and it works.

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

I have attached the project I tested on

LINK TO THE PROJECT

O-mkar
  • 5,430
  • 8
  • 37
  • 61
0

You also have to make sure that App Sandbox is disabled in Targets > Capabilities. Xcode automatically enables it for freshly generated projects.

petermafia
  • 44
  • 3