You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Apple is making ATS exceptions more strict to app developers (see https://forums.developer.apple.com/thread/48979). Still exceptions are possible developers need reasonably justifications.
Due to the fact that the head unit delivers URLs for policy tables, lock screen icons etc. those head units may still deliver HTTP based URLs.
The SDK should fix this issue by "auto repeat over https" in case a http request failed. This would allow a head unit to try at least once to fetch the data over the original URL before it retries it over https. This would make it necessary to put effort and alter the logic inside the SDK.
Example from SDLProxy.m:469 (4.1.4 release):
- (void)handleSystemRequestLockScreenIconURL:(SDLOnSystemRequest *)request {
+ NSURL *url = [NSURL URLWithString:request.url];
- [[SDLURLSession defaultSession] dataFromURL:[NSURL URLWithString:request.url]
+ [[SDLURLSession defaultSession] dataFromURL:url
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error != nil) {
NSString *logMessage = [NSString stringWithFormat:@"OnSystemRequest failure (HTTP response), download task failed: %@", error.localizedDescription];
[SDLDebugTool logInfo:logMessage withType:SDLDebugType_RPC toOutput:SDLDebugOutput_All toGroup:self.debugConsoleGroupName];
+ if ([url.scheme isEqualToString:@"http"]) {
+ NSURLComponents *components = [NSURLComponents componentsWithURL:url resolvingAgainstBaseURL:YES];
+ components.scheme = @"https";
+ request.url = components.string; // this alters the original request which could be just copied before
+ [self handleSystemRequestLockScreenIconURL:request]; // weakify & strongify missing in this example
+ }
return;
}
UIImage *icon = [UIImage imageWithData:data];
[self invokeMethodOnDelegates:@selector(onReceivedLockScreenIcon:) withObject:icon];
}];
}
As an alternative any URL related request could be modified directly to https before fetching any data. This would reduce the effort for this issue to almost nothing. Then technically the SDK would not fetch data over the exact URL (this can be accepted as it's still contacting the same host).
Bug Report
Apple is making ATS exceptions more strict to app developers (see https://forums.developer.apple.com/thread/48979). Still exceptions are possible developers need reasonably justifications.
Due to the fact that the head unit delivers URLs for policy tables, lock screen icons etc. those head units may still deliver HTTP based URLs.
The SDK should fix this issue by "auto repeat over https" in case a http request failed. This would allow a head unit to try at least once to fetch the data over the original URL before it retries it over https. This would make it necessary to put effort and alter the logic inside the SDK.
Example from SDLProxy.m:469 (4.1.4 release):
As an alternative any URL related request could be modified directly to https before fetching any data. This would reduce the effort for this issue to almost nothing. Then technically the SDK would not fetch data over the exact URL (this can be accepted as it's still contacting the same host).
Example:
OS & Version Information
The text was updated successfully, but these errors were encountered: