search

benjreinhart / react-native-aws3

Pure JavaScript React Native library for uploading to AWS S3
MIT License
399 stars 151 forks source link

iOS NSAppTransportSecurity #8

Closed phoenixbox closed 8 years ago

phoenixbox commented 8 years ago

Hey there,

Im getting a networking error when trying to upload to S3 from my react-native app running on my device.

Error

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)

From Googling around there are suggestions to add the AWS domains to the NSExceptionDomains in the info.plist. Ive tried the following xml in the plist but am still experiencing the same issue.

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSAllowsArbitraryLoads</key>
  <true/>
  <key>NSExceptionDomains</key>
  <dict>
    <key>amazonaws.com</key>
    <dict>
      <key>NSThirdPartyExceptionMinimumTLSVersion</key>
      <string>TLSv1.0</string>
      <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
      <false/>
      <key>NSTemporaryExceptionRequiresForwardSecrecy</key>
      <false/>
      <key>NSTemporaryExceptionMinimumTLSVersion</key>
      <string>1.0</string>
      <key>NSIncludesSubdomains</key>
      <true/>
      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
      <true/>
    </dict>
    <key>amazonaws.com.cn</key>
    <dict>
      <key>NSThirdPartyExceptionMinimumTLSVersion</key>
      <string>TLSv1.0</string>
      <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
      <false/>
      <key>NSTemporaryExceptionRequiresForwardSecrecy</key>
      <false/>
      <key>NSTemporaryExceptionMinimumTLSVersion</key>
      <string>1.0</string>
      <key>NSIncludesSubdomains</key>
      <true/>
    </dict>
  </dict>
</dict>

What NSAppTransportSecurity do you use for uploading to S3?

benjreinhart commented 8 years ago

Thanks for the issue...

What version of RN are you using and how old is your RN app (issue I linked below looks like it had issues with older versions of RN)?

My app's NSAppTransportSecurity key in my info.plist file is empty.

<key>NSAppTransportSecurity</key>

I did see this issue on a quick google search, looks like some other people have some solutions for something similar.

If you find a fix, can you post what worked for you on this thread for anyone else who might encounter it?

phoenixbox commented 8 years ago

@benjreinhart Hey 👋 there, Im on react-native 0.29

so I tried again, when NSAppTransportSecurity is empty then the Simulator cant connect to localhost so I added the selected fix to the info.plist which is

    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSExceptionDomains</key>
        <dict>
            <key>localhost</key>
            <dict>
                <key>NSTemporaryExceptionAllowsInsecureHTTPSLoads</key>
                <false/>            
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSTemporaryExceptionMinimumTLSVersion</key>
                <string>1.0</string>
                <key>NSTemporaryExceptionRequiresForwardSecrecy</key>
                <false/>
            </dict>
        </dict>
    </dict>

When using that and the sample code, the error persists:

 NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)

Not sure whats going on 😟

Do you happen to have a public repo RN app which uses your lib that you could share? I could clone and see if I can get to work on my local machine?

phoenixbox commented 8 years ago

@benjreinhart so I fixed the issued I was experiencing.

This error:

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)

Was due to an untrusted local react-native server development certificate:

The certificate for this server is invalid. You might be connecting to a server that is pretending to be “${YOUR_BUCKET_NAME}.s3.amazonaws.com” which could put your confidential information at risk.

To which there is an advised:

Solution Repo

benjreinhart commented 8 years ago

@phoenixbox very nice, thank you for the detailed follow up!

jomaint commented 6 years ago

@phoenixbox Did you try the production source fix? Any idea how to get react-native calling S3, to work on IOS simulator? Im having a hard time understanding the stackoverflow post.

phoenixbox commented 6 years ago

Hey @jomaint, try updating the RCTHTTPRequestHandler.m with the snippet below. I modified how the request challenge is handled by making the change at line:85 #pragma mark - NSURLSession delegate of RCTHTTPRequestHandler.m.

- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential))completionHandler
{
  completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
}

As for using a real certificate for development, I can't say I know how to make that work. I just used this workaround for local development. Removed it for production builds on devices, and it works

jomaint commented 6 years ago

@phoenixbox Thanks for your response! I’ll give a go and see how it goes