0

I am a developer of an react-native application for iOS. When I perform HTTPS request via react fetch invocation I got this exception. 

2017-08-01 09:18:07.199 [info][tid:com.facebook.react.JavaScript] 
'REQUEST_DATA: ', { method: 'GET',
      headers:
    { Accept: 'application/json',
      'Content-Type': 'application/json',
      credentials: 'include',
      Authorization: 'Basic MzI1MjM0NTo1MjU0' } }
2017-08-01 09:18:07.200 [info][tid:com.facebook.react.JavaScript] 'REQUEST_URL: ', 'https://10.36.6.186/mwprb/rest/personnel-number'
2017-08-01 09:18:07.287393+0300 MobileApp[2954:1413289] [] nw_coretls_callback_handshake_message_block_invoke_3 tls_handshake_continue: [-9812]
2017-08-01 09:18:07.287 UFSConfirmationMobile[2954:1411062] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
2017-08-01 09:18:07.291 [info][tid:com.facebook.react.JavaScript] 'GET ERROR: ', { [TypeError: Network request failed]
line: 29785,
  column: 21,
  sourceURL: 'http://localhost:8081/index.ios.bundle?platform=ios&dev=true&minify=false' }

For developer purposes I want to ignore HTTPS security. According to this guide (https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW40) I added flags to my Info.plist file. Now it looks like this:

<plist version="1.0">
<dict>
    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
    </dict>
    .....

I checked via [[[NSBundle mainBundle] infoDictionary] objectForKey:@"NSAppTransportSecurity"] that my changes were applied, but I still get this exceptions.

As well I tried to use NSExceptionDomains

NSIncludesSubdomains
NSExceptionAllowsInsecureHTTPLoads
NSExceptionRequiresForwardSecrecy
NSExceptionMinimumTLSVersion
NSThirdPartyExceptionAllowsInsecureHTTPLoads
NSThirdPartyExceptionMinimumTLSVersion
NSThirdPartyExceptionRequiresForwardSecrecy

with this keys for domain, but it doesn't help too.

I run my app on a simulator of iPad Air iOS 10.3 on Xcode 8.3.3, https on url works over TLS 1.2

Arets Paeglis
  • 3,856
  • 4
  • 35
  • 44
osseum
  • 187
  • 14
  • Apparently you still make the request using https `https://10.36.6.186/mwprb/rest/personnel-number` – deadbeef Aug 01 '17 at 10:28
  • Yes, and I want to ignore security checks. Like trust to this certificate anyway in browsers. – osseum Aug 01 '17 at 11:00
  • Well, that's a whole other problem, ATS exceptions are not designed for that. And there are already many questions concerning this on SO. – deadbeef Aug 01 '17 at 11:03
  • Could you give me a link or at least key words? I wouldn't ask on SO if I and my colleague were able to find it out by google. – osseum Aug 01 '17 at 11:24
  • Try [this](https://www.google.com/search?q=ios+accept+self+signed+certificate) which gives me either [this](https://stackoverflow.com/questions/22663768/https-ios-with-self-signed-certificate) or [this](https://discussions.apple.com/thread/7738477?start=0&tstart=0) – deadbeef Aug 01 '17 at 11:33
  • Do you need to use https? If the server you connect to supports a straight http request, the self-signed cert issue would go away and your ATS exception would work. – wottle Aug 01 '17 at 16:16

0 Answers0