network call fail in OS X app

ATS appears to be a 10.11 El Capitan feature:  https://developer.apple.com/library/mac/releasenotes/MacOSX/WhatsNewInOSX/Articles/MacOSX10_11.html

I don’t think Xcode versions will matter.

Ah, ok. So this is a real ATS problem.

Any idea what else to test?

Or is this something you are aware of?

I am testing without any provisioning profile, I chose ‘none’.

This might cause the problem?

Best,

Felix

First of all, try connecting to an HTTPS address. If that works, it’s ATS and perhaps something’s not right in the build settings, or we may need to get an engineer to make sure the ATS settings are getting copied correctly. If it doesn’t work then we may have some other things to look at.

You need a provisioning profile.

The OP was trying to use Lua sockets to open a port directly. If you have control over the website, then set up SSL so you can use https://. If you’re not, encourage the website to set up https.

This will be a hard requirement by Apple as of December 2016. The build.settings overrides will be ignored after the release of macOS Sierra and iOS 10. You have to get a written approval from Apple to use unencrypted web sites. See:

https://techcrunch.com/2016/06/14/apple-will-require-https-connections-for-ios-apps-by-the-end-of-2016/

http://www.techrepublic.com/article/wwdc-2016-apple-to-require-https-encryption-on-all-ios-apps-by-2017/

Now this is tangentially related. If you have control over your website and you’ve not added SSL support because of the documentation needed, the cost, the difficulty, then you need to check out:

https://letsencrypt.org/

Today, SSL certificates are free. They can be installed with as little as two clicks with some web hosting services (check the site to SSL, hit submit). I was hosting my websites at a site that didn’t support SSL. I found a hosting company who did and would transfer my entire hosting account as part of the setup (after fighting a few glitches due to my old host not following some standards), after a day, I was up and SSL’s on every site hosted there (and at half the price!). For my Digital Ocean account, I had to install a small script, and run it. Type in the domain names I wanted to secure and the script did the rest.

Hello Rob, sorry for the delay.

I tried https://www.google.com and it works, even without provisioning profile.

I tried to create a provisioning profile and built the app again to connect to the unsecure url, but without success.

I will try and create a secure page to load, but it seems to me that there might be some problem with the App Transport Security settings on OSX Apps…

Best,

Felix

@Felix B. Can you post your build.settings please?

Can you confirm the version of Corona SDK you are running as well?

Thanks

Rob

Hei Rob, this is the build.settings:

    --
    -- For more information on build.settings see the Corona SDK Build Guide at:
    -- https://docs.coronalabs.com/guide/distribution/buildSettings
    --

    settings = {
        orientation = {
            -- Supported values for orientation:
            -- portrait, portraitUpsideDown, landscapeLeft, landscapeRight
            default = "portrait",
            supported = { "portrait", },
        },

        excludeFiles = {
            -- Include only the necessary icon files on each platform
            iphone = { "Icon-*dpi.png", },
            android = { "Icon.png", "Icon-Small-*.png", "Icon*@2x.png", },
        },

        window = {
            -- Settings for the desktop window; applies to both OS X and Win32 desktop apps
            defaultMode = "normal",
            defaultViewWidth = 250,
            defaultViewHeight = 70,
            resizable = false,
            titleText = {
                -- The "default" text will be used if the system is using a language and/or
                -- country code not defined below. This serves as a fallback mechanism.
                default = "My App Name",
                -- This text is used on English language systems in the United States.
                -- Note that the country code must be separated by a dash (-).
                --["en-us"] = "Window Title Test (English-USA)",
                -- This text is used on English language systems in the United Kingdom.
                -- Note that the country code must be separated by a dash (-).
                --["en-gb"] = "Window Title Test (English-UK)",
                -- This text is used for all other English language systems.
                ["en"] = "My App Name",
                -- This text is used for all French language systems.
                --["fr"] = "Window Title Test (French)",
                -- This text is used for all Spanish language systems.
                --["es"] = "Window Title Test (Spanish)",
            },
        },

        osx = {
            entitlements = {
                ["com.apple.security.network.client"] = true,
            },
        },

        --
        -- iOS Section
        --
        iphone = {
            plist = {
                NSAppTransportSecurity = {
                    --NSAllowsArbitraryLoads = true,
                    NSExceptionDomains = {
                        ["myDomain.com"] = {
                            NSIncludesSubdomains = true,
                            NSThirdPartyExceptionAllowsInsecureHTTPLoads = true,
                            NSTemporaryExceptionMinimumTLSVersion = "1.0",
                            NSTemporaryExceptionRequiresForwardSecrecy = false,
                            NSAllowsArbitraryLoads = true,
                        },
                    },
                },
                UIStatusBarHidden = false,
                UIPrerenderedIcon = true, -- set to false for "shine" overlay
                --UIApplicationExitsOnSuspend = true, -- uncomment to quit app on suspend
                NSHumanReadableCopyright = "Copyright © 2016 Antena 1",
                CFBundleIconFiles = {
                    "Icon.png",
                    "Icon@2x.png",
                    "Icon-167.png",
                    "Icon-60.png",
                    "Icon-60@2x.png",
                    "Icon-60@3x.png",
                    "Icon-72.png",
                    "Icon-72@2x.png",
                    "Icon-76.png",
                    "Icon-76@2x.png",
                    "Icon-Small.png",
                    "Icon-Small@2x.png",
                    "Icon-Small@3x.png",
                    "Icon-Small-40.png",
                    "Icon-Small-40@2x.png",
                    "Icon-Small-50.png",
                    "Icon-Small-50@2x.png",
                },
            },
        },

        --
        -- Android Section
        --
        android = {
            usesPermissions = {
                "android.permission.INTERNET",
            },
        },
    }

I actually tried a lot of combinations in the NSAppTransportSecurity table, without success.

The build I used to build the version with the provisioning profile is 2016.2913

Anything wrong in the build settings?

Thanks,

Felix

Can you add this block to the “osx” table:

    osx = {
        plist = {
            NSAppTransportSecurity = {
                --NSAllowsArbitraryLoads = true,
                NSExceptionDomains = {
                    ["myDomain.com"] = {
                        NSIncludesSubdomains = true,
                        NSThirdPartyExceptionAllowsInsecureHTTPLoads = true,
                        NSTemporaryExceptionMinimumTLSVersion = "1.0",
                        NSTemporaryExceptionRequiresForwardSecrecy = false,
                        NSAllowsArbitraryLoads = true,
                    },
                },
            },
        },
    },

Hello Rob,

shame on me, and sorry for the trouble.

This works, even without a provisioning profile…

(Whereas I had to enable arbitrary loads, so everything works fine, the settings above caused something in the page to be blocked so it did not load…)

Anyway, thank you a lot!

Felix
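An added example, not code from any poster or from Corona Labs: a small audit of a built app's Info.plist that checks whether the ATS table from build.settings actually reached the bundle (the problem debugged above) and how broad the exceptions are. The function name `audit_ats` is hypothetical and the sample plist is constructed from the `osx.plist` table posted in this thread.

```python
import plistlib

# Constructed sample: the Info.plist content an OS X build would carry if the
# "osx.plist" table from the thread were copied in as posted.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key><dict>
    <key>NSExceptionDomains</key><dict>
      <key>myDomain.com</key><dict>
        <key>NSIncludesSubdomains</key><true/>
        <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key><true/>
        <key>NSTemporaryExceptionMinimumTLSVersion</key><string>1.0</string>
        <key>NSAllowsArbitraryLoads</key><true/>
      </dict>
    </dict>
  </dict>
</dict></plist>"""

def audit_ats(plist_bytes):
    """Return (scope, finding) tuples describing the ATS settings in a plist."""
    info = plistlib.loads(plist_bytes)
    ats = info.get("NSAppTransportSecurity")
    if ats is None:
        # The case where the table sat under "iphone" in an OS X build.
        return [("app", "no NSAppTransportSecurity key: ATS defaults apply")]
    findings = []
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append(("app", "ATS disabled for every host"))
    for domain, exc in ats.get("NSExceptionDomains", {}).items():
        for key, value in exc.items():
            if key.endswith("AllowsInsecureHTTPLoads") and value is True:
                findings.append((domain, "cleartext HTTP allowed"))
            elif key.endswith("MinimumTLSVersion"):
                ver = str(value).replace("TLSv", "")
                if ver in ("1.0", "1.1"):
                    findings.append((domain, "TLS floor lowered to " + ver))
            elif key.endswith("RequiresForwardSecrecy") and value is False:
                findings.append((domain, "forward secrecy not required"))
            elif key == "NSAllowsArbitraryLoads":
                findings.append((domain, "NSAllowsArbitraryLoads is an app-wide key, misplaced here"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit_ats(SAMPLE_PLIST):
        print(f"{scope}: {finding}")
```

To check a real build, pass it the bytes of `Contents/Info.plist` from inside the `.app` bundle.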

See: https://coronalabs.com/blog/2015/09/17/about-app-transport-security-ats/

That might fix it.

Rob

Thank you Rob, I set NSAllowsArbitraryLoads to true but this did not solve the problem. 

Any clues?

Here is my build.settings. 

    settings = {
        osx = {
            plist = {
                NSAppTransportSecurity = {
                    NSAllowsArbitraryLoads = true,
                },
            },
        },
        orientation = {
            default = "landscapeRight",
            supported = { "landscapeLeft", "landscapeRight", },
        },
        window = {
            defaultMode = "normal",
            enableCloseButton = true,
            enableMaximizeButton = true,
            enableMinimizeButton = true,
            suspendWhenMinimized = true,
            resizable = true,
            titleText = { default = "My App" },
        },
    }

I tried to connect to port 443 (work sur with dev profile) but did not work when built for the Apple Store.

Can someone help on this?

Can someone confirm this is working in OS X apps submitted with an Apple Store provisioning profile?

Should I file a bug ?

Here is our build.settings that work.

Please note the NSExceptionDomains.

We also call PHP on our domain ubj3d.com and the above solved our problem.

    osx = {
        plist = {
            NSHumanReadableCopyright = "Copyright 2016 by Damir Kranjcec.",
            NSAppTransportSecurity = {
                NSExceptionDomains = {
                    ["ubj3d.com"] = {
                        NSIncludesSubdomains = true,
                        NSThirdPartyExceptionAllowsInsecureHTTPLoads = true
                    },
                    ["facebook.com"] = {
                        NSIncludesSubdomains = true,
                        NSExceptionRequiresForwardSecrecy = false,
                        NSThirdPartyExceptionAllowsInsecureHTTPLoads = true
                    },
                },
            },
        },
    }

Hello, thank you for the reply.

However, when I build with an Apple Production provision profile (with code signing identities) the network calls do not work.

Are you getting any errors in your console log? See https://forums.coronalabs.com/topic/62935-how-to-get-logs-for-macosx/ for how to get to the console log for desktop builds.

Rob

I’m unaware of any issues with OS X and networking. The ATS stuff is really for iOS. I don’t think Apple is forcing ATS on OS X apps (I missed this was an OS X post earlier).

Can you break down your network.request to a simple sample app and try that?

Rob

Here is a sample app that exhibits the problem :

NetworkConnection.zip

When built with an Apple Production provision profile (with code signing identities) network calls do not work.

There are no error messages in the log. The call to the function networkConnectivity returns false.

While this is tangential to your problem, it’s worth knowing that there are several networking “things” we are working on. We have to get the OpenSSL plugin patched up to the latest version due to security issues Google is flagging. Apple wants IPv6 support sooner than later and so on. We have several moving parts going on to address these concerns.

I was expecting today’s Daily Build to have the new socket library in place, but it looks like it’s still yesterday’s build out there. After daily build 2880 and later posts, there should be a new socket library. This may solve your specific issue. Then again, it may not. Before I have you file a bug report on this, I would like to see if it got fixed already.

So watch for 2880 to post (or later) and see if the problem still exists. If it does, then use your sample project and file a bug report using the “Report a bug” link at the top of this page. Make sure to paste the URL of this thread into the bug report’s description field as you describe the issue in detail to the engineers. Once you submit the bug, you will get an email with a CaseID in the subject, please post that back here as a reference. Let’s see if it gets fixed first though.

Rob

Tried with build 2883 and still not working.

Case 45925 submitted

Any news on this case ?