3

I am writing an application which is a python script that uses the pyobjc bindings to use the objc/cocoa runtime on the mac. The application (Présentation.app, a pdf presentation tool for the mac) uses a WebView to display arbitrary web pages.

Since Mac OS X 10.11, the App Transport Security prevents any non https web site to be loaded. This feature can be disabled (to re-enable the previous behaviour, i.e. arbitrary web page loading) by setting the NSAppTransportSecurity dict in the Info.plist as documented here.

However, my application is a script, and can be used from the command line without being bundled into a .app. In this case, it does not have an Info.plist.

I've read that I can add an Info.plist to a binary command line tool using the linker, but I need a solution for a python script…

Any suggestion on how to embed an Info.plist into a script? Or any solution to configure App Transport Security through an API rather than an Info.plist file?

rndblnch
  • 183
  • 1
  • 10

1 Answers1

3

Ok, I've found a way to disable App Transport Security from the script itself. It turns out that you can edit the info dictionary from the script after startup, and the changes will be considered. So at the beginning of the script, I've added:

from objc import YES
from AppKit import NSBundle
bundle = NSBundle.mainBundle()
info = bundle.localizedInfoDictionary() or bundle.infoDictionary()
info['NSAppTransportSecurity'] = {'NSAllowsArbitraryLoads': YES}

and that's it.

rndblnch
  • 183
  • 1
  • 10