4

I'm in the process of migrating from Parse's backend to the Parse-server on Heroku and MongoDB.

I had everything working smoothly (including loading PFFiles) with this new backend change, however, I'm now getting errors after adding the FACEBOOK_APP_ID parameter, however, that might not be the cause.

Whenever I try to load an PFFile (image) I'm getting the following messages in the log:

App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
2016-02-20 19:55:48.242 HoopMaps[35976:682425] [Error]: The resource could not be loaded because the App Transport Security policy requires the use of a secure connection. (Code: 100, Version: 1.12.0)
2016-02-20 19:55:48.243 HoopMaps[35976:682425] [Error]: Network connection failed. Making attempt 1 after sleeping for 1.730434 seconds.
2016-02-20 19:55:50.137 HoopMaps[35976:682402] [Error]: The resource could not be loaded because the App Transport Security policy requires the use of a secure connection. (Code: 100, Version: 1.12.0)
2016-02-20 19:55:50.138 HoopMaps[35976:682402] [Error]: Network connection failed. Making attempt 2 after sleeping for 3.460868 seconds.
2016-02-20 19:55:53.857 HoopMaps[35976:682403] [Error]: The resource could not be loaded because the App Transport Security policy requires the use of a secure connection. (Code: 100, Version: 1.12.0)
2016-02-20 19:55:53.857 HoopMaps[35976:682403] [Error]: Network connection failed. Making attempt 3 after sleeping for 6.921736 seconds.
2016-02-20 19:56:01.162 HoopMaps[35976:682821] [Error]: The resource could not be loaded because the App Transport Security policy requires the use of a secure connection. (Code: 100, Version: 1.12.0)
2016-02-20 19:56:01.162 HoopMaps[35976:682821] [Error]: Network connection failed. Making attempt 4 after sleeping for 13.843473 seconds.
2016-02-20 19:56:15.264 HoopMaps[35976:682785] [Error]: The resource could not be loaded because the App Transport Security policy requires the use of a secure connection. (Code: 100, Version: 1.12.0)

While I can disable ATS, this would be bad practice, and I'd much rather prefer HTTPS. In addition, the error code is "100" but I can connect to my server and retrieve objects and user data.

How can I load PFFiles using Parse-server while retaining the HTTPS?

Alec Kriebel
  • 192
  • 2
  • 10

2 Answers2

3

The best idea would be to get a SSL certificate for your API but if that's not possible a momentary workaround would be to add your domain as an exception for ATS.

This way, you won't need to disallow ATS completely (which is a bad practice as you pointed out), but your app will still allow insecure calls from your domain.

To do this open your Info.plist file and add App Transport Security Settings. Then select Exception Domains and add your domain to the list.

App Transport Security Settings

Exception Domains

This is how your Info.plist should look at the end:

Your domain

fdiaz
  • 2,600
  • 21
  • 27
0

Apple announced at WWDC 2016, that it will no longer accept Apps with App Transport Security Setting work-arounds, starting 2017.

Rodney Degracia
  • 1