Parse-server: iOS App Transport Security not Loading any Resources (HTTP)

Created on 2 Mar 2016 · 11Comments · Source: parse-community/parse-server

Hi All,

I'm having an issue when attempting to load resources from within my Parse-Server backend iOS App.

App Transport Security is a feature on iOS apps that disallows connections if they are not https, and in my case, any resource (images, etc) URLs are loaded using http and so the connection is not allowed.

Note that I do not have this issue when loading normal data (user data, PFObjects, etc.).

My server URL client side and my SERVER_URL config parameter in Heroku are both https. I am using Heroku+MongoDB to host this Parse server.

Here are NSLogs from my iOS device simulation when trying to load a resource:

Error Domain=Parse Code=100 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." 
UserInfo={code=100, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection., originalError=Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." 
UserInfo={NSUnderlyingError=0x7f976fe2c800 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://<URL>.herokuapp.com/parse/files/sUnFtZuPieaQaONJIkUEEECtNDZiuCjQzUH4K9FY/de36470e632cc17c67eeb646e3d41f64_profilepicture.png, NSErrorFailingURLKey=http://<URL>.herokuapp.com/parse/files/sUnFtZuPieaQaONJIkUEEECtNDZiuCjQzUH4K9FY/de36470e632cc17c67eeb646e3d41f64_profilepicture.png, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}, temporary=1, error=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.

How can I fix this issue?

Source

AlecKriebel

All 11 comments

Hi @AlecKriebel, I've found this guide to be helpful when working with ATS on iOS.

As long as your resources are coming from the same domain, you'll probably want to follow _Example B_. If you're resources are coming from arbitrary domains, you'll most likely need to go with _Example E_.

mpaulsonco on 2 Mar 2016

@mpaulsonco Thanks for the guide.

Example B is certainly a work-around, and if I can't solve this issue, that is certainly what I will implement, but I can't imagine that loading resources from MongoDB using https is impossible.

AlecKriebel on 2 Mar 2016

This is slightly disconnected from MongoDB, since clients actually won't ever talk to it.
I recommend getting a SSL certificate and plugging this in front of your server.
You can even get a free one from https://letsencrypt.org

Both the workaround and plugging SSL Cert and moving your app to https will work.
Going to close this one out, feel free to reopen if this still doesn't work for you.

nlutsenko on 3 Mar 2016

Heroku automatically makes all the other endpoints https secure so how can I get it to do the same for the files endpoint?

Charlesleonius on 12 Sep 2016

@Charlesleonius did you figure out the answer to your question? Same issue for me here

jayliew on 18 Jan 2017

@jayliew I ended up using a client side workaround. This is essentially the code I used to get around it, maybe you can modify it for your needs:
```
let file = PFFile() //Placeholder
var url = file.url!
if (!url.contains("https")) {
url = url.insert(string: "s", ind: 4)
}
let URL = NSURL(string: url)!

Charlesleonius on 18 Jan 2017

@Charlesleonius thanks!

jayliew on 18 Jan 2017

Try with setting publicServerURL, setting HTTPS. That should work