How do I perform an insecure URLSession query in iOS

Multi tool use
Multi tool use


How do I perform an insecure URLSession query in iOS



I'm trying to perform a query to a website that I run. However, currently, this website's certificate is invalid (for a valid reason for now).



I'm trying to query it with this code:


private static func performQuery(_ urlString: String) {
guard let url = URL(string: urlString) else {
return
}
print(url)
URLSession.shared.dataTask(with: url) {
(data, response, error) in
if error != nil {
print(error!.localizedDescription)
}
guard let data = data else {
return
}
do {
let productDetails = try JSONDecoder().decode([ProductDetails].self, from: data)
DispatchQueue.main.async {
print(productDetails)
}
} catch let jsonError {
print(jsonError)
}
}.resume()
}



However, I get:


NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
The certificate for this server is invalid. You might be connecting to a server that is pretending to be “mydomain.com” which could put your confidential information at risk.



How can I make an insecure URLSession query (equivalent to -k in CURL)?



I've tried setting these:


<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>mydomain.com</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
</dict>



And yes I don't intend to release this to the App Store with insecure access, but I need to get the code tested and right now we can't get a valid certificate, so this is purely for development purposes.




2 Answers
2



First, set the delegate of the session to your class which conforms to URLSessionDelegate like :


URLSessionDelegate


let session = URLSession(configuration: .default, delegate: self, delegateQueue: OperationQueue.main)



Add the implementation of didReceiveChallenge method in your class which conforms to URLSessionDelegate protocol


didReceiveChallenge


URLSessionDelegate


public func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
completionHandler(.useCredential, URLCredential(trust: challenge.protectionSpace.serverTrust!))
}



This will allow insecure connection by trusting the server.



WARNING : DO NOT use this code in production apps, this is a potential security risk.





URLSession.shared.delegate = self doesn't work because delegate is get only
– Wayneio
Jul 3 at 12:52





@Wayneio create a URLSession object with default session configuration and set it's delegate to your class. Use init(configuration:delegate:delegateQueue:)
– Shaggy D
Jul 3 at 13:00



init(configuration:delegate:delegateQueue:)





@Wayneio edited my answer
– Shaggy D
Jul 3 at 13:05





Okay cool. So then to use it, I try let _ = session.shared.dataTask(with: request as URLRequest) {... but it say session cannot be used on type 'Util' (Util is my class name)
– Wayneio
Jul 3 at 13:07





Generally all your request code should be in a singleton class which has a session. For example, the class can be named as NetworkManager and it will have an instance of URLSession. You shouldn't perform requests from static methods of Utils.
– Shaggy D
Jul 3 at 13:11



Try these exceptions:


<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.0</string>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>





Thanks, this returns the same error
– Wayneio
Jul 2 at 12:25






By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

bqBmAh HcYx7,F,c4fk j2 SDTB
-
LVjP51

Popular posts from this blog

PHP contact form sending but not receiving emails

PHP contact form sending but not receiving emails I have created a contact form using PHP to send the data. The form seems to send fine as there are no errors and success message appears, however I am not receving the emails into the designated inbox. I am using PHPMailer as I originally tried just using the php 'mail' command which I now understand is a bit hit and miss. I cannot see why I would not be receving the emails so I would be very grateful for any help that could be given. I'm quite new to PHP so please be patient with me :) <?php use PHPMailerPHPMailerPHPMailer; use PHPMailerPHPMailerException; $msg = ""; if (isset($_POST['submit'])) { require 'phpmailer/src/Exception.php'; require 'phpmailer/src/PHPMailer.php'; require 'phpmailer/src/SMTP.php'; function sendemail ($to, $from, $body) { $mail = new PHPMailer(true); $mail->setFrom($from); $mail->addAddress($to); $ma...
Read more

Do graphics cards have individual ID by which single devices can be distinguished?

Do graphics cards have individual ID by which single devices can be distinguished? I have several graphics cards of the same manufacturer and same model and I want to distinguish them not only by the pcie socket they reside in but by some individual value I can read from the hardware. Is there such value and if so what would it be called and how could I access it? Right now I'm using modern nvidia cards (10xx series) and nvidia inspector.but I'd prefer if there was any value that was also applicable to amd. I have programming and scripting knowledge. I am running Windows 10 1 Answer 1 This is a powershell example to pull information from video cards. The DeviceID is supposed to be unique but only if the manufacturer supports Windows Display Driver Model (WDDM). (I copied this directly from docs.microsoft.com) $strComputer = "." $colItems = get-wmiobject -class "Win32_VideoC...
Read more

Create weekly swift ios local notifications

Create weekly swift ios local notifications I can create daily notifications but not weekly ones using swift 3 ios 10 User Notifications framework. Daily works fine but when I add in the .weekday parameter it doesn't send me a notification. The code is: for i in 1 ... 7 { let center = UNUserNotificationCenter.current(); let content = UNMutableNotificationContent(); content.title = "Title"; content.body = "content"; content.sound = UNNotificationSound.default(); var dateComponents = DateComponents(); dateComponents.weekday = i; // hours is 00 to 11 in string format if (daynight == "am") { dateComponents.hour = Int(hours); } else { dateComponents.hour = Int(hours)! + 12; } // mins is 00 to 59 in string format dateCom...
Read more