Skip to main content
A
Anonymous
August 17, 2017
Answered

App Transport Security problem in 27.0beta

  • August 17, 2017
  • 2 replies
  • 1321 views

Hi Community,

I tried to update my existing AIR mobile app to 27.0 beta, and the app throws an App Transport Security error when calling HTTP resource. The app was tested using a desktop emulator.

In my AIR config file, I already added the following to InfoAdditions.

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSAllowsArbitraryLoads</key>
  <true/>
<dict>

I tried to revert back to SDK 26.0 and 25.0, both are working well.

Thanks for helping.

This topic has been closed for replies.
Correct answer

Hi Vivek,

I think I didn't explain it clearly, resulting in some misunderstanding, sorry about that first.

I was using IntelliJ Idea to code, compile and test the AIR application. I am not using the iOS Simulator on Mac. Is it because I try to test the app on Mac, that is why I should add those keys for AIR application for Mac platform instead of using the application descriptor?


I tried to download the latest Adobe AIR SDK 27.0 beta from Adobe Labs. The problem is resolved now. Can compile and launch the app successfully using IntelliJ Idea.

2 replies

Vivek Negi
Adobe Employee
Vivek Negi
Adobe Employee
August 29, 2017

Hi Vicker ,

Which AIR config file are you updating ? Are you talking about AIR application descriptor ?

You need to update info.plist ( with the key you mentioned in above thread )of your air application ( and not application descriptor ) if you want to allow insecure connection using your AIR apps.

-Vivek

Adobe AIR team

A
Anonymous
August 30, 2017

Thanks, Vivek.

Sorry for the naming, I meant AIR application descriptor like you've mentioned.

The application descriptor itself does have a section for iOS InfoAdditions, right? I suppose adding there should work, as previously the key NSAppTransportSecurity with NSAllowsArbitraryLoads true works very well.

Here are my full InfoAdditions for reference.

<InfoAdditions>
  <![CDATA[
  <key>UIDeviceFamily</key>
  <array>
       <!-- iPhone and iPod touch devices -->
       <string>1</string>
  </array>
  <key>UIPrerenderedIcon</key>
  <true/>
  <key>UIViewControllerBasedStatusBarAppearance</key>
  <true/>
  <key>UIStatusBarStyle</key>
  <string>UIStatusBarStyleBlackOpaque</string>
  <key>NSAppTransportSecurity</key>
  <dict>
       <key>NSAllowsArbitraryLoads</key>
       <true/>
       <key>NSExceptionDomains</key>
       <dict>
            <key>blahblah.com</key>
            <dict>
                 <key>NSExceptionAllowsInsecureHTTPLoads</key>
                 <true/>
                 <key>NSIncludesSubdomains</key>
                 <true/>
            </dict>
       </dict>
  </dict>
]]>
</InfoAdditions>
Vivek Negi
Adobe Employee
Vivek Negi
Adobe Employee
August 30, 2017

Hi Vicker,

You need to manually update info.plist with these keys for AIR application for mac platform ( and not by adding information on application descriptor like iOS ) . Please try this and let me know if it helps.

-Vivek

Adobe AIR Team

kylem91237550
kylem91237550
Participating Frequently
August 26, 2017

In the new beta, the App Transport Security SDKs were updated. One of the new security features is that insecure connection are rejected, meaning connections made to non-secure sites (HTTP) no longer work. You'll need to make sure you connect via HTTPS for the connection to work.

A
Anonymous
August 26, 2017

Thanks, kylem91237550.

iOS do support the use of whitelist using NSExceptionDomains. However, I tried it but failed.

So does it mean that from AIR 27 onwards, all connection must be using HTTPS?

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices