Error while opening an HTTPS link through WebView - facebook

I try to open a WebView on https://facebook.com in my React Native app and get the following error:
Encountered an error on loading page: {"target": 419, "description": "An SSL error has occured and a secured connection to the server cannot be made"...}
I'm testing on an iPhone Xr emulator.
What could I be doing wrong?
Here is the line
<WebView injectedJavaScript={jscode} source={{ uri: viewUri }} />

Add following lines in Info.plist
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>

Related

default TLS Trust evaluation failed for iOS development with webapis on local machine listening to the IP

I am new to iOS/SwiftUI development but am trying to develop an app and webapis on my MacBook Pro. I am using VSCode and C# on the backend and calling the webapis from the iPhone simulator.
I have a localhost certificate in my Keychain with a Subject Alternative Name of the ip for my local machine (10.0.0.5). I have this working with Android using 10.0.2.2 (emulator localhost for computer hosting the emulator), so I know it does work.
I can also run the API from the browser using 10.0.0.5 and get the results.
When I run from the simulator I get these error:
2022-01-15 18:05:03.352411-0500 TestApp[24757:274897] [Unknown process
name] copy_read_only: vm_copy failed: status 1. calling loadData...
loading data... 2022-01-15 18:05:06.008842-0500 TestApp[24757:274902]
Connection 1: default TLS Trust evaluation failed(-9807) 2022-01-15
18:05:06.009049-0500 TestApp[24757:274902] Connection 1: TLS Trust
encountered error 3:-9807 2022-01-15 18:05:06.009148-0500
TestApp[24757:274902] Connection 1: encountered error(3:-9807)
2022-01-15 18:05:06.010008-0500 TestApp[24757:274902] Task
<17311174-24FF-403A-AA1B-4894D097FB41>.<1> HTTP load failed, 0/0 bytes
(error code: -1202 [3:-9807]) 2022-01-15 18:05:06.013874-0500
TestApp[24757:274896] Task <17311174-24FF-403A-AA1B-4894D097FB41>.<1>
finished with error [-1202] Error Domain=NSURLErrorDomain Code=-1202
"The certificate for this server is invalid. You might be connecting
to a server that is pretending to be “10.0.0.5” which could put your
confidential information at risk."
UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to
the server anyway?, _kCFStreamErrorDomainKey=3,
NSErrorPeerCertificateChainKey=(
"<cert(0x7fbef400f200) s: localhost i: localhost>" ), NSErrorClientCertificateStateKey=0,
NSErrorFailingURLKey=https://10.0.0.5:5001/WeatherForecast,
NSErrorFailingURLStringKey=https://10.0.0.5:5001/WeatherForecast,
NSUnderlyingError=0x6000023c6490 {Error Domain=kCFErrorDomainCFNetwork
Code=-1202 "(null)"
UserInfo={_kCFStreamPropertySSLClientCertificateState=0,
kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x600001c58500>,
_kCFNetworkCFStreamSSLErrorOriginalValue=-9807, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9807, kCFStreamPropertySSLPeerCertificates=(
"<cert(0x7fbef400f200) s: localhost i: localhost>" )}}, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <17311174-24FF-403A-AA1B-4894D097FB41>.<1>" ), _kCFStreamErrorCodeKey=-9807, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <17311174-24FF-403A-AA1B-4894D097FB41>.<1>,
NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x600001c58500>,
NSLocalizedDescription=The certificate for this server is invalid. You
might be connecting to a server that is pretending to be “10.0.0.5”
which could put your confidential information at risk.} Invalid data
I followed the instructions from this post to put the NSExceptionDomain I am using. I am having trouble digesting the Overriding TLS Chain Validation Correctly. I followed this thread on Swift 5.1 UIWebView Does not View URL because of untrusted Certificate as well. Also, iOS app ignoring NSAppTransportSecurity.
My Info.plist has this in it:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>https://10.0.0.5:5001/WeatherForecast</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
</dict>
I tried a variety of combinations for the key from 10.0.0.5 to https://10.0.0.5:5001/WeatherForecast.
UPDATE
I tried this Domain=NSURLErrorDomain Code 1202 as well, exporting the .cer from keychain and installing it on the emulator, but I still get the same error:

ATS Error: "ATS policy requires the use of a secure connection", despite plist

I'm trying to make a request for an http domain, and despite having
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSAllowsArbitraryLoadsInWebContent</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>my-private-domain.kubernetes.intranet%2f:9090</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
at my info.plist for the app target, XCode 12.5.1 keeps me showing the error
Task <C5F9EA01-9790-43ED-89B0-EE07341B4D84>.<4> finished with error [-1022] Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.
I needed to perform this request after updating to 12.5.1 and also tried Clean Build Folder and removing-reinstalling the app. Does someone knows if it's a policy change? (maybe only HTTPS are now allowed even in non-production targets?). The answers I found here only cites NSAllowsArbitraryLoads, NSExceptionDomains, NSExceptionMinimumTLSVersion/NSTemporaryExceptionMinimumTLSVersion and NSThirdPartyExceptionRequiresForwardSecrecy. There's something more?
Because your info.plist includes the NSAllowsArbitraryLoadsInWebContent key, the NSAllowsArbitraryLoads is ignored and treated as false. So removing the NSAllowsArbitraryLoadsInWebContent should allow all arbitrary loads.
Relevant section from Apple docs:
In iOS 10 and later and macOS 10.12 and later, the value of the
NSAllowsArbitraryLoads key is ignored—and the default value of NO used
instead—if any of the following keys are present in your app’s
Information Property List file:
NSAllowsArbitraryLoadsForMedia
NSAllowsArbitraryLoadsInWebContent
NSAllowsLocalNetworking

Flutter - Insecure socket connections are disallowed by platform: 10.0.2.2

Since today whenever I try to login my application I get the following error thrown by the Dio package: SocketException: Insecure socket connections are disallowed by platform: 10.0.2.2
I use the following settings to connect:
static BaseOptions options = new BaseOptions(
baseUrl: "http://10.0.2.2:3000", // on android emulator
connectTimeout: 5000,
receiveTimeout: 3000)
And consequently something along the lines of (where I have authentication set-up and functioning properly at /user/login):
var apiLogin = api.dio;
try {
Response response = await apiLogin.post("/user/login",
options: Options(contentType: "application/json"),
data: {"email": email, "password": password});
} on DioError catch (e) {
throw Exception([e]);
}
I have a Node server running on port 3000 which is connected to (containerized) mongodb. When trying the authentication, it immediately has the DioError and I haven't been able to find the cause anywhere online.
Does anyone know what this error is related to?
EDIT [ANSWER]
Thanks to #lyrics for pointing me in the right direction:
From API level 27 and higher, usesCleartextTraffic defaults to false, consequently blocking outgoing http requests, requiring HTTPS.
The solution was to add the following to AndroidManifest.xml:
<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
<uses-permission android:name="android.permission.INTERNET" />
<application
...
android:usesCleartextTraffic="true"
...>
...
</application>
</manifest>
as stated in stackoverflow answer
source: https://developer.android.com/guide/topics/manifest/application-element#usesCleartextTraffic
I have a similar issue with Flutter running on ios Simulator and Android emulator:
SocketException: Insecure socket connections are disallowed by platform:
Inside the Flutter project go to :
To enable in Ios:
ios folder -> runner folder -> info.plist
Then add the following lines to enable HTTP requests:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
To enable in Android:
Android folder -> app -> src -> main -> AndroidManifest.xml
Add this permission:
<uses-permission android:name="android.permission.INTERNET"/>
then add the following line inside application tag:
android:usesCleartextTraffic="true"
First add-in AndroidManifest file
add this line in the end before closing tag
<uses-permission android:name="android.permission.INTERNET" />
add this line in the beginning
find this tag and add it first in it
<application
android:usesCleartextTraffic="true"
It seems you newly upgraded to Android 10, Well you probably didn't know that HTTPS is the default connection protocol starting with Android 9 and that all connection not using Https will fail.
Read more https://developer.android.com/training/articles/security-config.html
See this answer here
https://stackoverflow.com/a/50834600/6467637
I was making a call to-
Response response = await get('http://worldtimeapi.org/api/timezone/Asia/Kolkata');
Instead of http I simply replaced it to https and it was fixed.
The new request was-
Response response = await get('https://worldtimeapi.org/api/timezone/Asia/Kolkata');
This fixed the issue for me.

HTTP or HTTPS Error

I was wondering should I put a s behind the http in this url, because I keep getting an error.
Here is the code.
("http://query.yahooapis.com/v1/public/yql?q=select
Yes, you should prefer the HTTPS version if possible.
However, I believe the error you are getting is not because of HTTPS, it's actually an error with your request
<?xml version="1.0" encoding="UTF-8"?>
<error xmlns:yahoo="http://www.yahooapis.com/v1/base.rng" yahoo:lang="en-US"><description>Query syntax error(s) [line 1:6 expecting fields_or_star got ' ']</description></error>
Apple has made the change that you have to use HTTPS or enter an exception in your info.plist.
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
This allows all http traffic, but I would suggest strongly to only do this for testing.
See this Apple document.

Reason of an SSL error in Swift 2 and iOS9

I got the following error while establishing an HTTPs (Secure HTTP) connection in Swift 2 and iOS9:
[NSLocalizedDescription: An SSL error has occurred and a secure connection to the server cannot be made., NSLocalizedRecoverySuggestion: Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey: 3, NSUnderlyingError: Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorCodeKey=-9802, _kCFStreamErrorDomainKey=3, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x175bc540>, kCFStreamPropertySSLPeerCertificates=<CFArray 0x175bd200 [0x3c11cca8]>{type = immutable, count = 1, values = (
0 : <cert(0x175bbf90) s: example.com i: example.com>
)}}, _kCFStreamErrorCodeKey: -9802, NSErrorFailingURLStringKey: https://example.com.com:pppp/, NSErrorPeerCertificateChainKey: (
"<cert(0x175bbf90) s: example.com i: example.com.com>"
), NSErrorClientCertificateStateKey: 0, NSURLErrorFailingURLPeerTrustErrorKey: <SecTrustRef: 0x175bc540>, NSErrorFailingURLKey: https://example.com:pppp/]
I want to know the exact exact reason of this issue and how can I find exact reason of an SSL issue?
I got the following output from curl command:
I also did the following changes in info.plist:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>example.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<false/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
</dict>
Still I am getting error in app and not able to connect to server.
Please anyone can give me an example or link for implementing SSL pinning with self signed certificate in iOS 9 and Xcode 7.