POST request error: NSURLConnection HTTP load failed iOS 10 - swift3

I'm new to iOS programming. I want to connect my app to my web service (HTTPS).
Why is XCode telling me this error when I run POST request with 'Alamofire 4.0' in iOS 10?
This error doesn't appear when I use iOS 9 simulator. I've tried various ways as people say on stackoverflow and none of them solved my problem.
Update:
I have added this inside my info.plist, and still get the same error.
How to implement ATS in iOS 10?
Thanks in advance.

In my case, I changed the SSL certificate on my API domain with the trusted one as mentioned by Apple in this link.

App Transport Security (ATS) enforces best practices in the secure connections between an app and its back end. ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt; it is also on by default in iOS 9 and OS X v10.11. You should adopt ATS as soon as possible, regardless of whether you’re creating a new app or updating an existing one.
If you’re developing a new app, you should use HTTPS exclusively. If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible. In addition, your communication through higher-level APIs needs to be encrypted using TLS version 1.2 with forward secrecy. If you try to make a connection that doesn't follow this requirement, an error is thrown. If your app needs to make a request to an insecure domain, you have to specify this domain in your app's Info.plist file.
Please for more details refer Apple Document.
You need to do changes inside your Info.plist
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
open Info.plist file like
Add TransportSecurity inside
or

Check your Mobile network, Mostly this is the reason.

Related

Expo publish - using a cached project alert

I wanted to make my app accessible without local connection via expo publish. After running the command i successfully get a link to the project page. But if i try to open the app via the project page in Expo Go, it displays this alert:
The project is loaded on my device(i suppose it is because it is cached in my device), but it is not opening for anyone else. How to load it with network instead of cache? My network is connected even though the alert tells to check it.
It was my mistake, had to go through the expo documentations to find a guide that simply states:
Invite your teammate to the Expo account that owns the project.
I thought since the project privacy is set to public, this was not mandatory. It is.
I had this problem today - for me the issue was being on a public WiFi network (at a co-working space) that I think must have some kind of network filtering that presumably blocked fetching new Expo packages.
Switching WiFi off on my phone and using cellular resolved the issue.

How to make Django pass cookies when communicating with Node.js server using socket.io?

I am currently developing an instant messaging feature for my apps (ideally cross platform mobile app/web app), and I am out of ideas to fix my issue.
So far, I have been able to make everything work locally, using a Node.js server with socket.io, django, and redis, following what most tutorials online suggest.
The step I am now at consists in putting all that in the cloud using amazon AWS. My Django server is up and running, I created a new separate Node.js server, and I am using Elasticache to handle the Redis part. I launch the different parts, and no error shows up.
However, whenever I try using my messaging feature on the web, I keep getting an error 500:
handshake error
I then used the console to check the request header, and I observed that the cookies are not in there, contrary to when I am on localhost. I know it is necessary to authorize the handshake, so I guess that's where my error is coming from..
Furthermore, I have also checked that the cookies do exist, they are just not set in the request header.
My question is then: How can I make sure Django or socket client (not sure who's responsible here..) puts the cookies in the header??
One of my ideas was that maybe I am supposed to put everything on the same server, with different ports, instead of 2 separate servers? Documentation on that specific architecture problem is surprisingly scarce, compared to the number of tutorials describing how to make it work on local.
I hope I described the problem accurately enough! :)
Important note: I am using socket.io v0.9.1-1, only one compatible with a titanium mobile app.
Thank you for any help!
All right, so I've made some progress.
The cookie problem came from the fact I was making cross-domain request, adding a few lines enabled CORS, which didn't solve the cookie issue, but allowed me to communicate between servers (basically I set the headers of the response using express. I then passed necessary data in the query, even if not the most secure way to do it, I'm just building an MVP, and it's enough for now.
I haven't been able to make the chat work from my Titanium mobile app, but since I can use a webview to handle it, I will be fine.
Hopefully that will help someone.. If anyone needs me to post some code snippets I will gladly do so upon request!
Cheers

Secure browsing is not supported in my app

I have an old application that I'd like to get running again. I've updated the Facebook PHP-sdk to the latest version (I think) and everything is working for most users. Except those using secure browsing.
My app simply tell me that:
This application does not yet support secure browsing (HTTPS).
How do I fix this? I've looked though all the settings in the app-page and I can't figure it out.
You need to purchase and setup an SSL certificate and then plug your https url into your app's settings page. See their migration guide where it says this is now required.

Is it possible to integrate Kerberos authentication into Jetty 6?

We currently have an application that runs an embedded jetty 6.1.14 server to which we need to add authentication via Kerberos. I'm new to Kerberos, which makes the task about 100x harder that maybe it should be. I've scoured the internet and have found conflicting reports as to whether or not it is even possible but nothing much to provides guidance as to how to proceed.
I've managed to have the server basically be able to authenticate the users via kerberos but can't find away to have the client automatically send its kerberos ticket: I have to use the from auth-method, though there are hints that this may be using filters, which are very poorly documented.
My question - and I apologize for it being a bit vague, I've not been this exasperated in quite a long time - is to request some guidance for plugging in kerberos authentication without login forms in Jetty 6? Or am I just out of luck? Has anyone added this type of authentication to jetty 6?
If Jetty supports Servlet Filters (JSR-53), then this open source project http://spnego.sourceforge.net might be what you are looking for.
You have to prepare your domain environment first. Make sure that your server if part of your domain (joined it). Then you have to create an machine account and assign an SPN. If you have done that, create a keytab for that account. From now on a client will be able to search for the host in the domain and create a ticket for. Then comes Jetty into play.

Is there a way to bind my flex builder to my django application

I am trying to create simple flex application, which uses django as a back-end part. Have a question:
Usually when I run my application Flex Builder creates a file in a directory on my local PC and then opens a browser and points to it. Everything was fine, but when I decided to link django server to flex applications via xml data providers I started to get security errors. (Related to absence of crossdomain.xml). When I created the file and put it on the server:
<?xml version="1.0"?>
<!-- http://www.foo.com/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="http://127.0.0.1:8000"/>
<allow-access-from domain="127.0.0.1"/>
</cross-domain-policy>
Then tried the application again, I got error in console of my FB Error: Request for resource at http://127.0.0.1:8000/go/active/ by requestor from file:///Users/oleg/Documents/FB3/usersList/bin-debug/usersList.swf is denied due to lack of policy file permissions.
I don't know how to fix the error. But also the question is there a way to configure FB3 to put my swf files to the server directly, so I will not need any crossdomain?
Thanks
Oleg
We struggled with this a lot. The Flex security stuff didn't strike me as well built, but perhaps we just had different approaches in mind than Adobe's developers. The solution that worked for us was to serve both the SWF and the dynamic data from the same host and port.
On our development boxes, we tell Apache to serve the SWF from a directory in the workspace, and the dynamic data from a local copy of the app. When we push to production, SWF and app get pushed simultaneously to the same virtual host.
If that's inconvenient for you, the Apache ProxyPass directive can be used to make Apache front for other servers. I've not used that in production, but it's been very handy for developer setups.
I don't know a way to get FlexBuilder to automatically deploy your changed SWF; you could certainly look into an automation approach (like Maven and Flex-Mojos) to make that happen.
That said, getting rid of that error is usually just a matter of adding a policy file to the server.
The second error is caused because you're trying to fetch http resources from a "file" location. My recommendation is that you change your Flex Builder project so it outputs to a location within the Django web site, rather than to the flex-bin directory. This setting can be changed in the properties dialog of the project. Then, you should be able to have your front-end and back-end share the same protocol and domain.