PFFile TLS Download Support

[nlutsenko]

iOS 9 and OS X 10.11 has a requirement that any network connection, unless added to exceptions is done via TLS. Apple Tech Note.
We have full support right now for API server, as announced in the blog post.

The only piece left is file downloads, which are still being served from S3 via http and we are working on getting support for TLS for them shortly.

The current workaround for this issue is to add the following section to Info.plist of your app:

<key>NSExceptionDomains</key>
<dict>
    <key>files.parsetfss.com</key>
    <dict>
        <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
        <true/>
    </dict>
</dict>

Please comment on this issue if there is anything we can help you with regarding PFFile TLS support.

[jeroenleenarts]

Good to read it is being worked on.

[joshbeal]

A bit hacky but I've found that replacing "http://files.parsetfss.com" with "https://s3.amazonaws.com/files.parsetfss.com" does the trick for full SSL support on my website.

[chasing]

This doesn't appear to be working for me.

I have a bit of code that looks like this:

PFQuery *query = [PFQuery queryWithClassName:@"SomeClass"];
query.cachePolicy = kPFCachePolicyNetworkElseCache;
[query orderByAscending:@"orderByField"];
[query findObjectsInBackgroundWithBlock:^(NSArray *objects, NSError *error) {
    if (!error) {
        NSLog(@"Success!");
    } else {
        NSLog(@"Error: %@ %@", error, [error userInfo]);
    }
}];

And my Info.plist is as so:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
    <key>NSExceptionDomains</key>
    <dict>
        <key>files.parsetfss.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSTemporaryExceptionMinimumTLSVersion</key>
            <string>TLSv1.1</string>
        </dict>
    </dict>
</dict>

But still no bueno. The findObjectsInBackgroundWithBlock block doesn't trigger at all. No success. No error.

Any ideas?

Thanks!

[nlutsenko]

Hey @chasing, the files.parsetfss.com is only required if you are using PFFiles.
Since we fully support TLS 1.2 in api.parse.com, as noted in this blog post - it should straightly work out of the box.

Can you please confirm the version of the SDK you are using, as well as what is the error that you are getting back.

[chasing]

I upgraded to Parse 1.8.1 just now (still doesn't work). Was using 1.8 previously.

I'm not getting back any errors. The method doesn't call the block at all.

[chasing]

I put a breakpoint on the "findObjectsInBackgroundWithBlock" line and -- weirdly -- when I resumed, the block did get called. With these errors:

2015-08-24 08:54:39.250 MyApp[14068:1977313] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)
2015-08-24 08:54:39.345 MyApp[14068:1977313] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)

But then "findObjectsInBackgroundWithBlock" fails the next time it's called elsewhere in the code.

[SaifAlDilaimi]

I just wanted to say that I just updated to the current versions and I could only pass the errors by adding the following:

<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
        <key>NSExceptionDomains</key>
        <dict>
            <key>facebook.com</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSExceptionRequiresForwardSecrecy</key>
                <false/>
            </dict>
            <key>fbcdn.net</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSExceptionRequiresForwardSecrecy</key>
                <false/>
            </dict>
            <key>akamaihd.net</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSExceptionRequiresForwardSecrecy</key>
                <false/>
            </dict>
            <key>parsetfss.com</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSExceptionRequiresForwardSecrecy</key>
                <false/>
                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                <true/>
            </dict>
            <key>files.parsetfss.com</key>
            <dict>
                <key>NSExceptionRequiresForwardSecrecy</key>
                <false/>
                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                <true/>
            </dict>
        </dict>
    </dict>

    <key>LSApplicationQueriesSchemes</key>
    <array>
        <string>fbapi</string>
        <string>fb-messenger-api</string>
        <string>fbauth2</string>
        <string>fbshareextension</string>
    </array>

[nlutsenko]

Can you post an error here?
Since you have multiple domains here, it's hard to figure out the original cause behind the error you are getting without seeing the actual error.

[SaifAlDilaimi]

2015-09-20 16:51:32.605 Gossip[969:457124] [Error]: The resource could not be loaded because the App Transport Security policy requires the use of a secure connection. (Code: 100, Version: 1.8.1)

This is the error while I load PFFiles. I also recognized that the following needs also to be added:

    <key>NSAllowsArbitraryLoads</key>
    <true/>

but see my full example from my previous post.

[nlutsenko]

The issue was resolve in 1.8.2 version of the SDK. From the error message it seems that you are still using 1.8.1 (1.8.5 is current latest). Any chance you can upgrade and try again?

[SaifAlDilaimi]

I was going to write as you wrote that... I'm using cocoapods and it loads only 1.8.1 ... Any way to load the current version without loosing all dependencies FBUtilsV4 etc.?

[nlutsenko]

'pod update'?
If that doesn't update to the latest, then you probably have a strict version dependency either in your Podfile or in one of the pods you are using. (Paste the output of 'pod update' and we can figure it out)

[SaifAlDilaimi]

my bad I was limiting pods to iOS 8.0 <.<

[klemenzagar91]

Hi, does fetching data from PFFile now work out of the box or do I need to configurate this is some way?

I did configue S3Adaptor as in your guide. Then I add PFFile image to one of my Class in parse dashboard and that all works. I can also see that the image is saved in amazon s3 bucket.

But when I want to fetch PFFile data on my iphone, I get this error :

The resource could not be loaded because the App Transport Security policy requires the use of a secure connection

If I add this line in my plist file then it all work OK.

For now it's ok, but when out app goes public, all the traffic should got via https. How can I fix this. The problem is just with PFFiles.

Thanks.