Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTTP limitation with ATS #432

Closed
kshala-ford opened this issue Aug 16, 2016 · 2 comments · Fixed by #436 or #438
Closed

HTTP limitation with ATS #432

kshala-ford opened this issue Aug 16, 2016 · 2 comments · Fixed by #436 or #438
Labels
bug A defect in the library
Milestone
4.6.0

Comments

@kshala-ford
Copy link
Contributor

Bug Report

Apple is making ATS exceptions more strict to app developers (see https://forums.developer.apple.com/thread/48979). Still exceptions are possible developers need reasonably justifications.

Due to the fact that the head unit delivers URLs for policy tables, lock screen icons etc. those head units may still deliver HTTP based URLs.

The SDK should fix this issue by "auto repeat over https" in case a http request failed. This would allow a head unit to try at least once to fetch the data over the original URL before it retries it over https. This would make it necessary to put effort and alter the logic inside the SDK.

Example from SDLProxy.m:469 (4.1.4 release):

 - (void)handleSystemRequestLockScreenIconURL:(SDLOnSystemRequest *)request {
+    NSURL *url = [NSURL URLWithString:request.url];
-     [[SDLURLSession defaultSession] dataFromURL:[NSURL URLWithString:request.url]
+     [[SDLURLSession defaultSession] dataFromURL:url
                                completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
                                    if (error != nil) {
                                        NSString *logMessage = [NSString stringWithFormat:@"OnSystemRequest failure (HTTP response), download task failed: %@", error.localizedDescription];
                                        [SDLDebugTool logInfo:logMessage withType:SDLDebugType_RPC toOutput:SDLDebugOutput_All toGroup:self.debugConsoleGroupName];
+                                       if ([url.scheme isEqualToString:@"http"]) {
+                                           NSURLComponents *components = [NSURLComponents componentsWithURL:url resolvingAgainstBaseURL:YES];
+                                           components.scheme = @"https";
+                                           request.url = components.string; // this alters the original request which could be just copied before
+                                           [self handleSystemRequestLockScreenIconURL:request]; // weakify & strongify missing in this example
+                                       }    
                                        return;
                                    }

                                    UIImage *icon = [UIImage imageWithData:data];
                                    [self invokeMethodOnDelegates:@selector(onReceivedLockScreenIcon:) withObject:icon];
                                }];
 }

As an alternative any URL related request could be modified directly to https before fetching any data. This would reduce the effort for this issue to almost nothing. Then technically the SDK would not fetch data over the exact URL (this can be accepted as it's still contacting the same host).

Example:

 - (void)handleSystemRequestLockScreenIconURL:(SDLOnSystemRequest *)request {
+   NSURLComponents *components = [NSURLComponents componentsWithString:request.url];
+   if ([components.scheme isEqualToString:@"http"]) {
+       components.scheme = @"https";
+   }
+   NSURL *url = components.URL;
-   [[SDLURLSession defaultSession] dataFromURL:[NSURL URLWithString:request.url]
+   [[SDLURLSession defaultSession] dataFromURL:url
                              completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
                                  if (error != nil) {
                                      NSString *logMessage = [NSString stringWithFormat:@"OnSystemRequest failure (HTTP response), download task failed: %@", error.localizedDescription];
                                      [SDLDebugTool logInfo:logMessage withType:SDLDebugType_RPC toOutput:SDLDebugOutput_All toGroup:self.debugConsoleGroupName];
                                      return;
                                  }

                                  UIImage *icon = [UIImage imageWithData:data];
                                  [self invokeMethodOnDelegates:@selector(onReceivedLockScreenIcon:) withObject:icon];
                            }];
 }
OS & Version Information
  • iOS Version: Any (it's not iOS10 specific)
  • SDL iOS Version: 4.1.4
@joeljfischer joeljfischer added bug A defect in the library high priority labels Aug 16, 2016
@joeljfischer joeljfischer added this to the 4.1.X milestone Aug 16, 2016
@joeljfischer joeljfischer reopened this Aug 18, 2016
joeljfischer added a commit that referenced this issue Aug 18, 2016
@joeljfischer
Change HTTP alerting in SDLURLSession to use NSURLComponents
0d3dce6 
Fixes #432
@joeljfischer joeljfischer mentioned this issue Aug 18, 2016
Merged
@joeljfischer
Copy link
Contributor

DANG IT

@joeljfischer joeljfischer reopened this Aug 22, 2016
@joeljfischer
Copy link
Contributor

joeljfischer commented Aug 22, 2016
edited

Currently, HTTPS uploads will fail on 4.2.2.

@joeljfischer joeljfischer mentioned this issue Aug 22, 2016
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug A defect in the library
Projects
None yet
Milestone
4.6.0
2 participants
@joeljfischer @kshala-ford