Electron-builder: Autoupdater fails on MacOS X

Created on 10 Oct 2018 · 31Comments · Source: electron-userland/electron-builder

Version: 3.0.3

Electron updater: 3.1.2
Target: mas

Updated to the latest version of Electron. Everything build and publishing good. We are using amazon s3 provider. Files are available.
But when i'm trying to update an application (it downloads it but can't install) - getting following error:
Error: The resource could not be loaded because the App Transport Security policy requires the use of a secure connection. at /Applications/Our.app/Contents/Resources/app.asar/node_modules/graceful-fs/polyfills.js:287:18 at FSReqWrap.oncomplete (fs.js:183:5) From previous event: at Object.done (/Applications/Our.app/Contents/Resources/app.asar/node_modules/electron-updater/src/MacUpdater.ts:46:11) at /Applications/Our.app/Contents/Resources/app.asar/node_modules/electron-updater/src/AppUpdater.ts:530:25 at Generator.next (<anonymous>) at runCallback (timers.js:696:18) at tryOnImmediate (timers.js:667:5) at processImmediate (timers.js:649:5) at process.topLevelDomainCallback (domain.js:121:23)
...

It was OK on version 1.8.* but i can't migrate to 3.0.3 because of that issue. What can i do with it? Thanks.

bug electron-updater mac

Source

dafivius

👍2

Most helpful comment

@aguynamedben Thanks for donation, electron-builder 20.38.3 is released. https://github.com/electron-userland/electron-builder/commit/930dc8d

develar on 11 Dec 2018

🎉4

All 31 comments

I'm having this too. I'm building and failing update on Majave but both users that reported errors updating are on Sierra and High Sierra :(

framerate on 10 Oct 2018

Adding this to package.json helps with the nsapp error


"extendInfo": {
       "NSAppTransportSecurity": {
          "NSAllowsArbitraryLoads": true
        },
        "NSExceptionDomains": {
          "localhost": {
            "NSTemporaryExceptionAllowsInsecureHTTPSLoads": false,
            "NSIncludesSubdomains": false,
            "NSTemporaryExceptionAllowsInsecureHTTPLoads": true,
            "NSTemporaryExceptionMinimumTLSVersion": "1.0",
            "NSTemporaryExceptionRequiresForwardSecrecy": false
          }
        }
      }

gseregni on 11 Oct 2018

👍1

@gseregni it must be in old app or in new? Because in new app it doest have effect. But if old - how to update already installed apps? No way?

dafivius on 12 Oct 2018

@dafivius Unfortunately i think you have now way to update automatically the old app if you already shipped it with electron updater 3.1.2 and electron 3.

gseregni on 12 Oct 2018

@dafivius the problem may exists only on some OSX versions.. here at Pingendo we reverted back to electron 2

gseregni on 12 Oct 2018

@gseregni yep. Reverted back to 1.8, all ok. Making two versions of package json for macos and (linux/windows). No another idea yet. Need to keep working of app with existed users.

dafivius on 15 Oct 2018

@dafivius i think it's not possible to have autoupdater back to work for users already updated, unless they dont' install your app again.

gseregni on 15 Oct 2018

Any official word on the cause anywhere yet?

framerate on 15 Oct 2018

👍3

@develar any news here ?

gseregni on 16 Oct 2018

@dafivius I was having this problem and I solved using the following versions:

electron: 3.0.5
electron-builder: 20.20.4
electron-updater: 2.23.3

package.json:

"mac": {
    "type": "distribution",
    "extendInfo": {
        "NSAppTransportSecurity": {
            "NSAllowsArbitraryLoads": true
        }
    },
    "target": [
        "zip"
    ]
}

juliocesaroliveira on 23 Oct 2018

👍1

@juliocesaroliveira That didn't seem to solve mine...

@develar - Can you at least fill us in on why there's no official word on this? Did we miss something in an update note or readme somewhere?

framerate on 6 Nov 2018

@framerate no info. We decided to migrate to newest electron version with @juliocesaroliveira notes. Everything works fine yet.

dafivius on 7 Nov 2018

Please try next pre-release versions:

electron-updater 3.2.1
electron-builder 20.33.1

develar on 7 Nov 2018

👍1

Please never use "NSAllowsArbitraryLoads": true. electron-builder 20.33.0 adds localhost to NSExceptionDomains by default now, so, you don't need it at all. But if you want to be really sure, you can set "NSAllowsLocalNetworking": true (but please, please test without it, to ensure that electron-builder default configuration is valid).

develar on 7 Nov 2018

👍3

Apple Transport Security doesn't make sense for Electron applications because restrictions are not enforced to both NodeJS and Electron net API.

As Squirrel.Mac doesn't support file urls now, electron-updater forced to use proxy to pipe local file to Squirrel.Mac.

I decided to set "NSAllowsLocalNetworking": true in addition to NSExceptionDomains to make sure that ATS will not affect auto update.

develar on 7 Nov 2018

Is this confirmed fix? I updated my versions according to @develar but latest version didn't patch again... Probably user error but I'd love confirmation from somebody.

framerate on 16 Nov 2018

electron-builder 20.36.2 and electron-updater 4.0.4 are latest versions that were tested and proven to be working. If not, please provide steps to reproduce.

develar on 16 Nov 2018

👍1

Awesome. I think I'm using versions posted above

Please try next pre-release versions:
electron-updater 3.2.1
electron-builder 20.33.1

I'll update this weekend and verify. Thanks!

framerate on 16 Nov 2018

@framerate To clarify — I fixed one bug, then discovered another one, then added another improvement, then I decided to require Electron 3 (to simplify testing and to use new Electron features). That's why so many electron-updater versions recently :)

develar on 16 Nov 2018

👍1

I appreciate your work! I have enough on my plate without having to make building and updating tools myself :)

framerate on 16 Nov 2018

@develar Not sure if this helps you or if it's just user error but I updated using electron-builder 20.36.2 and electron-updater 4.0.4 twice (so the version on my computer and the one on the server were built with the same version) but still doesn't update

Here's the end of the log . that looks "failed" if it helps.

I'm going to spend some time this week setting up a test update server to really dive deep. I haven't had one setup because updates have been rock solid for almost 2 years!

framerate on 20 Nov 2018

Strange URL in your logs — do you really use electron-updater or native
directly?

On Tuesday, November 20, 2018, Justin Reynard notifications@github.com
wrote:

@develar https://github.com/develar Not sure if this helps you or if
it's just user error but I updated using electron-builder 20.36.2 and
electron-updater 4.0.4 twice (so the version on my computer and the one
on the server were built with the same version) but still doesn't update

Here's the end of the log . that looks "failed" if it helps.

[image: image]
https://user-images.githubusercontent.com/74291/48796428-74a46780-ecb4-11e8-9537-59b3add3abcf.png

I'm going to spend some time this week setting up a test update server to
really dive deep. I haven't had one setup because updates have been rock
solid for almost 2 years!

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/electron-userland/electron-builder/issues/3377#issuecomment-440395170,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAVZ3kWaJ_crJEBgiuKfBsjeyKh1bc8pks5uxFOsgaJpZM4XVM0G
.

develar on 20 Nov 2018

Hmm. Honestly that's a good question. I have it set up based on your read me files from about 2 years ago and have never had to change anything.

It worked perfectly through to electron 3.0 update.

I serve my updates through my CDN. Sounds like I may have to revisit my setup?

framerate on 20 Nov 2018

@develar thanks for pointing that out. I update to latest electron-updater and it works WAY better!

framerate on 3 Dec 2018

Please never use "NSAllowsArbitraryLoads": true. electron-builder 20.33.0 adds localhost to NSExceptionDomains by default now, so, you don't need it at all. But if you want to be really sure, you can set "NSAllowsLocalNetworking": true (but please, please test without it, to ensure that electron-builder default configuration is valid).

According to Apple documentation (https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW35) NSAllowsLocalNetworking is not available for macOS 10.12 and older.

The workaround for Supporting Older Operating Systems:
Version-specific ATS behavior: In a current operating system, the presence of a fine-grained transport security key (NSAllowsArbitraryLoadsForMedia, NSAllowsArbitraryLoadsInWebContent, or NSAllowsLocalNetworking) overrides the value of the NSAllowsArbitraryLoads key to NO. This allows you to set NSAllowsArbitraryLoads to YES if needed for your app in older operating systems, without disabling ATS generally in current operating systems.

alexdrimbe on 4 Dec 2018

👍3

I think @alexdrimbe is right, also discussed at https://github.com/electron-userland/electron-builder/issues/3525#issuecomment-446033671

aguynamedben on 11 Dec 2018

electron-builder 20.33.0 adds localhost to NSExceptionDomains by default now, so, you don't need ["NSAllowsArbitraryLoads": true] at all.

Apple docs:

However, this fine-grained control [NSAllowsLocalNetworking] is not available in older operating systems (iOS 10.0 and older, or macOS 10.12 and older). To maintain backward-compatibility when you use any of these keys, you must also set the value of the NSAllowsArbitraryLoads key to YES, taking advantage of its version-specific behavior.

https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW35

aguynamedben on 11 Dec 2018

@aguynamedben Thanks for donation, electron-builder 20.38.3 is released. https://github.com/electron-userland/electron-builder/commit/930dc8d

develar on 11 Dec 2018

🎉4

👏🙏Thank you for the hard work on electron-builder. It's truly great.

aguynamedben on 11 Dec 2018

@develar Can you provide stable versions of electron-builder and electron-updater to be used in order to get over this issue?

When I use

"electron-updater": "4.0.5"
"electron-builder": "20.38.3"

while building App I am getting
• signing file=dist/mac/Test App.app identityName=NYC, Inc. identityHash=7F34811EEF4215A5EBE21459CD8E8DB37D2E9488 provisioningProfile=none

Does this mean It is not signing the application?

apurvaSynerzip on 20 Dec 2018

I am facing the same issue, and neither it is fixed in latest version nor by using NSAllowsArbitraryLoads and NSExceptionDomains in plist

My download url is on http. I see the ATS error in logs

The resource could not be loaded because of the App Tranbsport Security Policy requires the use of secure connection

I change the plist via mac.extendInfo config.

"extendInfo": {
       "NSAppTransportSecurity": {
          "NSAllowsArbitraryLoads": true
        },
        "NSExceptionDomains": {
          "download.mydomain.com": {
            "NSTemporaryExceptionAllowsInsecureHTTPLoads": true,
            "NSTemporaryExceptionRequiresForwardSecrecy": false
          }
        }
      }

More info to debug

I test the final executable contents/Info.plist, it's OK plutil /Applications/Myapp.app/Contents/Info.plist -> OK
Versions: [email protected], [email protected]