39

I'm upgrading an iOS app to iOS 9, and I have some URLs that are not secure, and I need a few exceptions to App Transport Security. I've added the two that I know about, but there are some warnings happening now stating:

App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.

I need to know what URLs are being blocked so I can add them to the Info.plist, they're probably images or media files. How can I make the system log the URLs it decided not to load?

soulshined
  • 7,480
  • 4
  • 31
  • 63
Micah Hainline
  • 14,008
  • 9
  • 50
  • 84

2 Answers2

67

Editor Note: @jessedc points out in the comments below the link to the official Apple documentation on how to do this: https://developer.apple.com/library/content/qa/qa1887/_index.html

Okay, I have an answer I don't like! I still very much want a better one.

In my application:didFinishLaunchingWithOptions: method I added the line

setenv("CFNETWORK_DIAGNOSTICS", "3", 1);

When I ran the app then, in the log I can find an entry that looks like this:

2015-07-02 15:27:56.152 MyApp[45041:9125662] CFNetwork diagnostics log file
created at: /Users/micah.hainline/Library/Developer/CoreSimulator/Devices/
11BCA581-5F5F-494D-932A-2ECFCA33EA93/data/Containers/Data/Application/
9ACC6941-8039-4B86-B5E8-A6C66E2AD520/Library/Logs/CrashReporter/CFNetwork_com
.myapp.MyApp_45041.nwlrb.log

When I open that file I have a huge number of log entries about everything that's happened on the network. I search for kCFErrorDomainCFNetwork in that file and get logs for failed network requests. I can use that to see what URLs the system was trying to hit, and then can add that URL to the exceptions for App Transport Security.

Cœur
  • 32,421
  • 21
  • 173
  • 232
Micah Hainline
  • 14,008
  • 9
  • 50
  • 84
  • 4
    bump for creativity if nothing else haha :) – Max von Hippel Jul 07 '15 at 16:29
  • Don't you get error callbacks when your URL connection or data task finishes with an error? If so, IIRC, there's info in the NSError object that tells you why it was rejected, including whether it failed because of HSTS. – dgatwood Aug 23 '15 at 21:51
  • 1
    Thank you for this solution. I wish there was some way Apple would just let us set a breakpoint for every time this happens. – bugloaf Sep 11 '15 at 14:38
  • 1
    This answer is actually the documented way to do this: https://developer.apple.com/library/mac/qa/qa1887/_index.html I suggest adding the source to the answer – Jessedc Sep 28 '15 at 04:25
  • 2
    It's generally preferred to set environment variables through the Scheme. https://developer.apple.com/library/mac/recipes/xcode_help-scheme_editor/Articles/SchemeRun.html#//apple_ref/doc/uid/TP40010402-CH4-SW1 – quellish Sep 28 '15 at 20:57
  • when I tried this, the filepath it spit out at me didn't exist. It says it output to `/private/var/mobile/...long path name...` but the `mobile` directory didn't actually exist – chiliNUT Oct 07 '15 at 20:00
  • 1
    @chiliNUT it's because you're debugging on your mobile device. In this case logs are also located on your device. Just extract your app container via Xcode and get your logs from `/AppData/Library/Logs/CrashReporter` folder. It's described in detail at the end of "CFNetwork Diagnostic Logging Q&A". – Alexander Dvornikov Oct 22 '15 at 15:46
  • You don't even need to extract it from your device. If you open Xcode->Devices and select your device, the rolling console output will contain the CFNetwork messages that it writes to the file. – Ian MacDonald Jun 23 '16 at 18:57
  • Can I only use this on simulator? – KarenAnne Mar 20 '17 at 10:17
  • @KarenAnne did you get your answer? – nr5 Sep 13 '17 at 12:57
  • Currently you can Edit Scheme and under Arguments you can add `CFNETWORK_DIAGNOSTICS` and `3` to environment variables. Doing that dumps out the extended logs into the main Xcode console which is pretty convenient. – Alper Jun 19 '18 at 12:27
2

Accepted answer is correct but If you're doing this on Xamarin iOS, you will need to use;

Environment.SetEnvironmentVariable("CFNETWORK_DIAGNOSTICS", "3", EnvironmentVariableTarget.Process);

Also, if you're looking for the log file use something like Simulator manager to find the correct location easier (https://github.com/tue-savvy/SimulatorManager).

PaulB
  • 774
  • 6
  • 14