ATS blocking a valid https request

Question

Created Jun ’20

Replies 3

Boosts 0

Views 1.6k

Participants 3

Let me start by saying this issue is probably something I'm doing incorrectly.... Xcode 11.4.1, Simulator is an iPhone 8 with iOS 13.4

The following error is thrown, even though I believe I've created a valid https request.

Error:

Code Block P (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
2020-06-25 15:26:01.992051-0700 test[3593:161973] Cannot start load of Task <E2C01EF1-C4B8-40F7-AC1A-6791EC0BC5F1>.<1> since it does not conform to ATS policy
2020-06-25 15:26:01.998607-0700 test[3593:161974] Task <E2C01EF1-C4B8-40F7-AC1A-6791EC0BC5F1>.<1> finished with error [-1022] Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x600003b73120 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://xxxxx, NSErrorFailingURLKey=http://xxxxxx, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}

Code to create URL and start task:

Code Block        let utfValue = "✓"
       let q = ""
       let location = ""
       let nearby = "true"
        let lat = String((currentLocation?.coordinate.latitude)!)
        let lng = String((currentLocation?.coordinate.longitude)!)
        rawLng = currentLocation?.coordinate.longitude as! CLLocationDegrees
        rawLat = currentLocation?.coordinate.latitude as! CLLocationDegrees
        var urlComponents = URLComponents()
       urlComponents.scheme = "https"
       urlComponents.host = "xxxxx.com"
      urlComponents.path = "/search"
        urlComponents.queryItems = [
           URLQueryItem(name:"utf8", value: utfValue),
           URLQueryItem(name:"q", value: q),
           URLQueryItem(name:"location", value: location),
           URLQueryItem(name:"nearby", value: nearby),
           URLQueryItem(name:"lat", value: lat),
           URLQueryItem(name:"lng", value: lng),
       ]
        print(urlComponents.url?.absoluteString)
        let task = URLSession.shared.dataTask(with: (urlComponents.url!)) { (data, response, error) in
           if let data = data,
        let rawWebResults = String(data: data, encoding: .utf8){
               //print("here")
           }
    }
        task.resume()

When I print the URL, it is valid and contains the https, but it seems like when the URLSession is using it, its interpreting it as http.

Thanks,

Tim

Boost

Answer 1

Frameworks Engineer OP

Apple

Jun ’20

Can you implement the delegate for HTTP redirection (willPerformHTTPRedirection)? Details can be found here - https://developer.apple.com/documentation/foundation/nsurlsessiontaskdelegate/1411626-urlsession?language=objc

Your initial task started with a secure scheme but you may be getting redirected to a cleartext endpoint

1

Answer 2

tbelcher98 OP

Jun ’20

Thank you for the suggestion. Before implementing it, I ended up add "www." to the urlComponents.host and that seemed to clear it up.

0

Answer 3

DTS Engineer OP

Apple

Jun ’20

I ended up add www. to the urlComponents.host and that seemed to clear it up.

Hmmm. It sounds like the domain without the www has an HTTPS to HTTP redirect. Is this server controlled by your organisation? If so, you should file an issue with your server admins (while you have a workaround, this redirect may cause problems for others).

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"

0