multi icon indicating copy to clipboard operation
multi copied to clipboard

Published 20 hours ago verified publisher icon kofigumbs

Allow Insecure URLs

Open dotsam opened this issue 4 years ago • 2 comments

At least on Big Sur 11.3.1, App Transport Security doesn't allow access to http URLs by default. I've got some internal tools that don't use TLS, so I've added the plist keys mentioned here to the stub app's Info.plist, which has allowed it to load the insecure URL. You could make this an option at app creation time to add this key to the stub app to allow it to open any insecure URL, or possible provide a user-specified whitelist?

dotsam avatar May 10 '21 21:05 dotsam

Thanks for doing the initial research here. I'll take a look next time I get a chunk of time for Multi updates.

kofigumbs avatar May 12 '21 19:05 kofigumbs

Seems like the plist fix no longer works. Added the following inside the root dict

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSAllowsArbitraryLoads</key>
  <true/>
</dict>

Even after doing this my Multi app remains a grey box with the following error in the console. Failed to load resource: The certificate for this server is invalid. You might be connecting to a server that is pretending to be “localhost” which could put your confidential information at risk.

My Multi app config is as follows:

{
  "tabs": [
    {
      "title": "VVRP",
      "url": "https://localhost:8443/client.html?deviceId=cvd-1"
    }
  ],
  "openNewWindowsWith": "com.microsoft.edgemac",
  "terminateWithLastWindow": true
}

Running on an M2 Mac

itskaizad avatar Apr 04 '24 04:04 itskaizad