Application transport security blocks routing through a custom URL scheme

My iOS app (written in Swift and React Native) has a custom URL scheme that allows me to redirect to the app from, for example, Safari, like myappscheme://https://www.mywebsite.com/somematerial. If I enable App Transport Security in my application, the routing through the custom URL scheme is blocked, and I get this message:

App Transport Security has blocked the cleartext HTTP resource (http://) because it is unsafe. Temporary exceptions can be configured through your Info.plist application file.

However, if I disable ATS, the application will move as expected. I do not access any link via http in my application, and in my routing I always retrieve data via https. Therefore, I do not know why the ATS blocks this routing. Do you know if I need to provide more information about my URL scheme?

See my ATS configurations in Info.plist:

    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoadsInWebContent</key>
        <true/>
        <key>NSExceptionDomains</key>
        <dict>
            <key>localhost</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                <true/>
            </dict>
        </dict>
    </dict>

I also included my own URL scheme:

    <key>LSApplicationQueriesSchemes</key>
    <array>
        <string>myappscheme</string>
    </array>
+5
3 answers

This issue has been resolved. I left the endpoint where I ended up and checked if it met the requirements of ATS by running in the terminal:

 nscurl --ats-diagnostics https://www.example.com/ 

It turned out that the particular subdomain that I was trying to extract did not meet all the requirements of ATS. My server team fixed the problem and made the endpoint safe.

+1

I think the problem is with React Native, you mentioned that you use Safari as a source for custom links, and that probably means you're trying to debug the application and configure routing in Simulator, so maybe your problem is related to React Native. If you have the same behavior on a real device when React Native is offline, please update your question.

Temporarily disable App Transport Security (ATS) by adding NSAllowsArbitraryLoads to your Info.plist file. Since ATS does not allow unsafe HTTP requests to IP addresses, you must completely disable it to run on the device. This is only a requirement for development on the device, and if you cannot get around the problem, you should leave ATS enabled for production builds. For more information, see this post on setting up ATS.

Real source documentation - running on device

0

Set up Info.plist.

You can add a specific domain, for example:

    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
        <key>NSExceptionDomains</key>
        <dict>
            <key>www.google.com</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSTemporaryExceptionMinimumTLSVersion</key>
                <string>TLSv1.1</string>
            </dict>
        </dict>
    </dict>
0
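An added example, not part of any post above and not Apple's or React Native's code: a small Python audit that lists every setting in an Info.plist that relaxes ATS, run over the two ATS dictionaries posted in the question and in the last answer. The `info_plist` helper is hypothetical, and flagging the older `NSTemporary...` key spellings alongside the current names is an assumption of this example.

```python
import plistlib

# Keys that relax ATS. The "Temporary" spellings are the ones used in the configs on this page.
GLOBAL_FLAGS = ("NSAllowsArbitraryLoads", "NSAllowsArbitraryLoadsInWebContent",
                "NSAllowsArbitraryLoadsForMedia")
INSECURE_HTTP = ("NSExceptionAllowsInsecureHTTPLoads",
                 "NSTemporaryExceptionAllowsInsecureHTTPLoads")
MIN_TLS = ("NSExceptionMinimumTLSVersion", "NSTemporaryExceptionMinimumTLSVersion")
WEAK_TLS = {"TLSv1.0", "TLSv1.1"}  # below the ATS default minimum of TLS 1.2


def audit_ats(plist_bytes):
    """Return sorted (scope, key) pairs for every setting that relaxes ATS."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = [("global", k) for k in GLOBAL_FLAGS if ats.get(k) is True]
    for domain, rules in ats.get("NSExceptionDomains", {}).items():
        findings += [(domain, k) for k in INSECURE_HTTP if rules.get(k) is True]
        findings += [(domain, k) for k in MIN_TLS if rules.get(k) in WEAK_TLS]
        if rules.get("NSExceptionRequiresForwardSecrecy") is False:
            findings.append((domain, "NSExceptionRequiresForwardSecrecy"))
    return sorted(findings)


def info_plist(ats_dict_xml):
    """Hypothetical helper: wrap an ATS <dict> in a minimal Info.plist document."""
    return (b'<?xml version="1.0" encoding="UTF-8"?><plist version="1.0"><dict>'
            b"<key>NSAppTransportSecurity</key>" + ats_dict_xml + b"</dict></plist>")


# The two ATS dictionaries posted on this page, embedded so the check runs offline.
QUESTION = info_plist(b"""<dict>
  <key>NSAllowsArbitraryLoadsInWebContent</key><true/>
  <key>NSExceptionDomains</key><dict><key>localhost</key><dict>
    <key>NSIncludesSubdomains</key><true/>
    <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key><true/>
  </dict></dict></dict>""")
ANSWER = info_plist(b"""<dict>
  <key>NSAllowsArbitraryLoads</key><true/>
  <key>NSExceptionDomains</key><dict><key>www.google.com</key><dict>
    <key>NSIncludesSubdomains</key><true/>
    <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key><true/>
    <key>NSTemporaryExceptionMinimumTLSVersion</key><string>TLSv1.1</string>
  </dict></dict></dict>""")

if __name__ == "__main__":
    for name, doc in (("question", QUESTION), ("last answer", ANSWER)):
        for scope, key in audit_ats(doc):
            print(f"{name}: {scope}: {key}")
```

Run against a release build's Info.plist, an empty result means no ATS relaxations from this list are present.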

Source: https://habr.com/ru/post/1265285/

