Open openradar-mirror opened 7 years ago
Modified: 2017-04-19T02:04:07.333480
Description
Summary: We utilise a proxy PAC file that is distributed to clients via DHCP option 252. Clients are configured for Auto Proxy Discovery.
When using NSURLConnection to retrieve a resource on a HTTPS site, NSURLConnection first must retrieve the proxy pac file. Presumably because this proxy PAC file is a HTTP resource, App Transport Security jumps in and blocks the request with the following error:
"App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file."
Steps to Reproduce:
ipconfig getpacket en0
Example output would look like: proxy_auto_discovery_url (string): http://pac.det.nsw.edu.au/det/itbproxy.pac
Expected Results: The script should execute, and the HTTPS resource requested by NSURLConnection should load and be output to stdout.
Actual Results: The script fails with the error message from App Transport Security: "App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file."
Regression: This issue does not occur under 10.11
Notes: As mentioned by the error message from ATS, adding the following to the info plist in the Python script does allow the script to execute correctly:
info = bundle.localizedInfoDictionary() or bundle.infoDictionary()
info[u"NSAppTransportSecurity"] = {u"NSAllowsArbitraryLoads": True}
However, this feels like a dirty hack and not something that I want to enable in my Applications.
- Product Version: 10.12.3 16D32
- Created: 2017-02-01T01:12:56.606790
- Originated: 2017-02-01T12:12:00
- Open Radar Link: http://www.openradar.me/30299463
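
An added example, not part of the original report: a narrower alternative to `NSAllowsArbitraryLoads` that reads the option 252 URL from `ipconfig getpacket` output and builds an ATS exception limited to the PAC host. The function names and the sample packet are constructed for illustration, and it is an assumption, not confirmed by the report, that ATS honours a domain-scoped exception for the PAC fetch.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of `ipconfig getpacket en0` output; only the
# proxy_auto_discovery_url line format is taken from the report.
SAMPLE_PACKET = """\
op = BOOTREPLY
domain_name_server (ip_mult): {192.0.2.53}
proxy_auto_discovery_url (string): http://pac.example.test/proxy.pac
end (none):
"""

_WPAD_RE = re.compile(r"^proxy_auto_discovery_url \(string\):\s*(\S+)\s*$", re.M)


def pac_url_from_packet(packet_text):
    """Return the DHCP option 252 PAC URL from getpacket output, or None."""
    m = _WPAD_RE.search(packet_text)
    return m.group(1) if m else None


def scoped_ats_exception(pac_url):
    """Build an ATS dict allowing cleartext HTTP to the PAC host only.

    Returns None when no exception is needed (no PAC URL, or an https one).
    Raises ValueError for any other scheme or a URL without a host.
    """
    if pac_url is None:
        return None
    parts = urlsplit(pac_url)
    scheme = parts.scheme.lower()
    host = parts.hostname  # lower-cased, port and userinfo stripped
    if scheme == "https":
        return None
    if scheme != "http" or not host:
        raise ValueError("unexpected PAC URL: %r" % pac_url)
    # Assumption: this value would be assigned to
    # info[u"NSAppTransportSecurity"] in place of NSAllowsArbitraryLoads.
    return {
        "NSExceptionDomains": {
            host: {
                "NSExceptionAllowsInsecureHTTPLoads": True,
                "NSIncludesSubdomains": False,
            }
        }
    }


if __name__ == "__main__":
    print(scoped_ats_exception(pac_url_from_packet(SAMPLE_PACKET)))
```
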