App Transport Security failure under OSX 10.11

[pkedrosky]

Sadly, webkit2png now throws App Transport Security errors under El Capitan any time you request a non-https site. Specifically:

Fetching http://google.com/ ...
2015-10-02 16:22:21.037 Python[6363:5778368] App Transport Security has blocked a 
cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be 
configured via your app's Info.plist file.
 ... something went wrong: The resource could not be loaded because the App Transport 
Security policy requires the use of a secure connection.

Apple's solution (sic.) to this problem -- assuming you can't request an https version of the site -- is to modify your app's .plist to make exceptions for all non-https sites you want to request, or you can turn off ATS altogether in the .plist. (I see, from testing, that Python's urllib2 can request external non-https sites, but webkit2png cannot.)

[Update] Good discussion of some of the underlying Python/NSURL issues here: http://michaellynn.github.io/2015/07/31/customized-python-app-bundles/

[nhaglind]

Yep, ran into this issue today. Some more details around it. http://ste.vn/2015/06/10/configuring-app-transport-security-ios-9-osx-10-11/

[bendalton]

I've submitted a PR for this. Just setting the relevant Info.plist values at runtime. Works great on El Capitan for me now.

Cheers!

[nhaglind]

Awesome! Hopefully it gets merged with master so we can install via homebrew.

[patrickwelker]

Maybe mentioning @paulhammond helps. Homebrewing this would be sweet.

[pbov]

+1 Would be nice to fix it on brew

[Saeven]

+1 Homebrew fix!

[bendalton]

@paulhammond - let me know if you want me to modify this in any way :-)

On Tue, Dec 1, 2015 at 11:24 AM Alexandre Lemaire notifications@github.com wrote:

+1 Homebrew fix!

— Reply to this email directly or view it on GitHub https://github.com/paulhammond/webkit2png/issues/90#issuecomment-161020924 .

[RasmusMalver]

@cova-it, @Saeven and anybody else who (like me) arrives here looking for a solution for the Homebrew 0.7-version: Open /usr/local/Cellar/webkit2png/0.7/bin/webkit2png in a text editor and add these lines from line 422 (read more on #91) :

# Handles ATS HTTPS requirement introduced in El Cap
 if options.ignore_ssl_check:
     AppKit.NSBundle.mainBundle().infoDictionary()['NSAppTransportSecurity'] = dict(NSAllowsArbitraryLoads = True)

[orenyomtov]

@Rasmis Thanks. Your snippet works for me

[denji]

Stable version not fixed.

[ITRecords38]

Hi,

after have add this line a little problem.

File "/usr/local/bin/webkit2png", line 423 if options.ignore_ssl_check: ^ IndentationError: unexpected indent

Thanks for help

[orenyomtov]

@GrimlocK38 double check you used 4 spaces to indent, and no tabs.

[ITRecords38]

Hi, @orenyomtov

same problem but with this errors now.

Traceback (most recent call last): File "/usr/local/bin/webkit2png", line 469, in main() File "/usr/local/bin/webkit2png", line 431, in main AppKit.NSApp().setDelegate(delegate) AttributeError: 'NoneType' object has no attribute 'setDelegate'

[orenyomtov]

This is my edited copy and it works

webkit2png.zip

[ITRecords38]

@orenyomtov,

Perfect :).

PS: for an capture used: --ignore-ssl-check

Work now

A big thanks

[scottjbarr]

I have the same issue, but the version supplied by @orenyomtov works exactly as expected.

[lukewcn]

seems that brew version has not fixed? It Really need to be fixed :>

[the-real-adammork]

also here because of brew.

[metaColin]

Also here from brew.

[o6uoq]

+1

[helloalvin]

I also meet this problem. =======like this: ./webkit2png http://www.163.com ('Fetching', http://www.163.com, '...') 2019-06-25 21:19:42.823 Python[4312:186459] App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file. ... something went wrong2: The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.

[helloalvin]

nothing to modify,run like this is ok. ./webkit2png http://www.hnust.cn --ignore-ssl-check

[Xploit3r]

I used the "--ignore-ssl-check" option and it still gives me the same error message. Please check below:

webkit2png -F http://www.ox.ac.uk/ --ignore-ssl-check
Fetching http://www.ox.ac.uk/ ...
2020-01-10 10:36:56.372 Python[88776:9748137] App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
 ... something went wrong: The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.

Do I need to make changes to info.plist of webkit2png file?

Thanks.

[paulhammond]

Hi all! Thank you to everyone for reporting this, and to Ben for proposing a fix. I'm sorry it took so long to get this fixed; my day job got really really busy and side projects like webkit2png got left behind.

I'm just working through the backlog of bugs and pull requests and then I'll get a new release out soon including this.

[ancestral]

Big fan of webkit2png!

I totally get a lot is going on for people, but any chance of a fix soon?

Also, maybe it would be good to leave the issue open since it’s not resolved?