What are causes of networkURLUnauthorized in a message filter extension

Question

Created Jan ’25

Replies 3

Boosts 0

Participants 2

I'm getting ILMessageFilterError.networkURLUnauthorized returned in a message filter extension when calling deferQueryRequestToServer().

Googling for people who have had the same error, they didn't include the associated domain in the containing app. However I have added that.

The server is set up at https://something.com:443, it has an apple association file located at https://something.com:443/.well-known/apple-app-site-association

I have added associated domains to the app and the app extension of: messagefilter:something.com?mode=developer</string> webcredentials:something.com?mode=developer</string>

Side question 1: are both needed or just the messagefilter? Side question 2: should the domain include the port :443?

The server isn't publicly hosted hence I've appended ?mode=developer on the end as per the documentation.

The extension's info.plist has ILMessageFilterExtensionNetworkURL added as something.com

Question 3: Does this need the port adding too?

With everything set up according to the documentation, apart from the questions above, what might be the cause of getting networkURLUnauthorized returned?

Boost

Answer 1

Mr. Pooarse OP

Jan ’25

In the associated domains section of the app I have tried every possible combination:

https://something.com:443?mode=developer https://something.com?mode=developer something.com:443?mode=developer something.com?mode=developer

The device is in developer mode and in the server's apple-app-site-association file the app's team id.bundle is specified.

I still keep getting Network URL Unauthorized when the message filter extension calls deferQueryRequestToServer().

What else can I try?

0

Answer 2

Engineer OP

Apple

Jan ’25

For ILMessageFilterExtensionNetworkURL, the value should be the exact URL to use for network requests.

The error networkURLUnauthorized is thrown when your app isn't authorized to to defer requests.

You can also use Console.app to monitor your processes and see if additional information is wielded, such as a line for "Using URL <The URL you provided> for network request" to ensure the information is being provided correctly.

0

Answer 3

Mr. Pooarse OP

Jan ’25

@Engineer

Thank you for the response. I can see that the correct url is being used.

The url for the server is https://myurl.com:443.

For the ILMessageFilterExtensionNetworkURL I'm setting https://myurl.com

I see this logging occurring:

default  12:51:36.443361-0800  com.apple.IdentityLookup.MessageFilter  Using URL https://myurl.com for network request

default  12:51:36.444025-0800  com.apple.IdentityLookup.MessageFilter  Got SWC details for specifier { s = messagefilter, a = MV8J9D3236.com.myAppBundle, d = https://myurl.com
}

error  12:51:36.444103-0800  com.apple.IdentityLookup.MessageFilter  Extension's containing app (appID MV8J9D3236.myAppleBundle) unauthorized to defer requests to host https://myurl.com

Within the app's and extension's associated domains has https://myurl.com?mode=developer specified (as the url isn't public).

On app installation, I don't see swcd logging any errors.

But I'm still seeing networkURLUnauthorized when the extension defers to network.

The server url is https://myurl.com:443, I don't know if the port needs to be specified in the domains and ILMessageFilterExtensionNetworkURL or not, however I've tried it both ways and it doesn't make any difference.

Any other suggestions of things to look at?

thank you

0