Friends i have simple audio player (MPMoviePlayerController) which can play audio stream. On iOS 11 i have very interessing trouble, thousand time i have error and my stream was stopped:
NSURLConnection finished with error - code -1002
I paste this code (this code i saw on stackowerflow) but it's not help to me:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>cast.mysite.com</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
</dict>
Maybe you know best solution?
That error should not be related to using HTTP instead of HTTPS. App Transport Security failures return error code -1022.
The error code -1002 indicates an invalid URL. Perhaps your HTTP live streaming playlist file contains a structurally invalid URL (e.g. missing scheme, a scheme other than http/https, etc.)?
For additional debugging, set this environment variable
CFNETWORK_DIAGNOSTICS=1
in your Xcode project and re-run the app. Once you know what URL is failing, the problem will likely become more obvious.
If it isn't, file a bug.
This issue can appear if your URL contains spaces. I solved it by replacing the spaces with "%20", and then you can use it safely. The Objective C code to replace the spaces is below.
your_url_variable_name = [your_url_variable_name stringByReplacingOccurrencesOfString:#" " withString:#"%20"];
First thing you must use secure server (server with valid certificate).
I'm not sure either it is necessary or not because i never tried to hit server with invalid certificate. You can try this code (not sure it will work for you or not) put this code in Appdelegate.m
#implementation NSURLRequest(DataController)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
return YES;
}
#end
We have a Launch Daemon which (necessarily, for various reasons) runs as root, and which communicates with a server component via the network. It needs to authenticate with the service, so when it first obtains the password, we save it to the system keychain. On subsequent launches, the idea is to retrieve the password from the keychain and use it to authenticate with the network service.
This has been working fine, but on macOS 10.12 the existing code stopped working, and we've been entirely stumped on how to fix this. It boils down to this:
Regardless of whether we're saving a new password or retrieving an old one, we obtain a reference to the system keychain using this:
SecKeychainCopyDomainDefault(kSecPreferencesDomainSystem, &system_keychain);
We also disable user interaction for good measure, although we'd expect it to already be off in the context of a daemon.
SecKeychainSetUserInteractionAllowed(false);
When saving a new password to the keychain, we use
OSStatus status = SecKeychainAddInternetPassword(
system_keychain,
urlLength, server_base_url,
0, NULL,
usernameLength, username,
0, NULL,
0,
kSecProtocolTypeAny, kSecAuthenticationTypeAny,
passwordLength, password,
NULL);
This much works. Success is reported, and I can see the item in the "system" keychain in Keychain Access.app.
Retrieving it on subsequent runs of our daemon is done with this line:
status = SecKeychainFindInternetPassword(
system_keychain,
urlLength, url,
0, NULL,
usernameLength, username,
0, NULL,
0,
kSecProtocolTypeAny, kSecAuthenticationTypeAny,
&passwordLength, &password_data,
NULL);
Unfortunately, this has started returning errSecAuthFailed for reasons that are unclear to us.
A few additional details we've checked and things we've tried, to no avail:
The daemon binary is signed with a Developer Id certificate.
The daemon binary contains an embedded Info.plist section with a bundle ID and version.
I can see the daemon binary in the "Always allow access by these applications" list in the "Access Control" tab of the password item in Keychain Access.app.
If I manually switch to "Allow all applications to access this item" in Keychain Access, it works. This somewhat defeats the point of saving the password in the keychain, however.
We've tried playing around with the parameters to SecKeychainAddInternetPassword, but this doesn't seem to have made any difference.
We've tried explicitly unlocking the keychain with SecKeychainUnlock(), but as the documentation suggests, this seems to be superfluous.
Deleting the item in Keychain Access.app causes SecKeychainFindInternetPassword() to yield errSecItemNotFound, as you'd expect. So it can definitely find the saved item, it just isn't allowed to read it.
The keychain documentation isn't exactly easy to read and in parts rather tautological. ("In order to do Y, you need to do Y," without mentioning why you'd want to do Y.) Nevertheless, I think I've made it through and have understood most of it. Various aspects of our particular setup aren't covered in detail (access from a daemon), but it seems pretty clear that accessing an item previously saved by the same app should not require any special authorisation or authentication. Which is in direct contradiction to the behaviour we're seeing.
Any ideas?
After spending some more hours on this across several days, we finally worked out what was going on.
First, I tried to build a minimal example that would reproduce the problem. This did not fail with errSecAuthFailed and thus didn't reproduce the problem. So back to the original daemon, there must be something specifically about it that was going wrong.
The next idea was to check the system log for the time when SecKeychainFindInternetPassword() was called. This turned up some error messages:
securityd CSSM Exception: -2147411889 CSSMERR_CL_UNKNOWN_TAG
securityd MacOS error: -67063
securityd MacOS error: -67063
securityd code requirement check failed (-67063), client is not Apple-signed
securityd CSSM Exception: 32 CSSM_ERRCODE_OPERATION_AUTH_DENIED
OurDaemon subsystem: com.apple.securityd, category: security_exception, enable_level: 0, persist_level: 0, default_ttl: 0, info_ttl: 0, debug_ttl: 0, generate_symptoms: 0, enable_oversize: 0, privacy_setting: 2, enable_private_data: 0
OurDaemon CSSM Exception: -2147416032 CSSMERR_CSP_OPERATION_AUTH_DENIED
This suggested the problem might be with code signing. Strange. Checking the code signature of the binary with codesign -vv returned no issues.
After hunting around the web for various parts of the error messages, I found -67063 corresponds to errSecCSGuestInvalid. The comment reads "code identity has been invalidated."
Okay, definitely some codesigning error, but what does it mean, and why did it occur?
Hunting around some more finally turned up the explanation, and also the solution: http://lists.apple.com/archives/apple-cdsa/2010/Mar/msg00027.html
It means that at some point since the program got started, something
happened to it that made it invalid.
and
if you run a signed program, then replace it (by, say, building a
new version in place :-), and then run the new version, the kernel
will still hold the old signature attached to the executable's vnode.
If that's your situation, just removing the executable and recreating
it clears up the problem for good (until you overwrite the file again
:-). We recommend that signed code always be replaced (mv(1), not
cp(1), or equivalents).
This explained it. I was copying new versions of the daemon into place using
sudo cp path/to/built/daemon /usr/local/libexec/
Apparently, that overwrites the file in-place rather than creating a new vnode, writing that, and then renaming it over the old file. So the solution is to either cp to a temp directory first, and then mv into place. Or delete the destination file before using cp.
As soon as I did that, it worked!
Using Registry 5.1 - Any attempt to add a wsdl, displays a depreciated message, 'use https://localhost:9445/publisher', but any attempt to use this url fails because the subsequent login screen doesn't seem to know about the port 'offset' feature - basically I suspect there is a bug when Registry is not deployed on the default port.
https://localhost:9443/publisher/acs?loginStatus=true
i.e. its using wrong port should be + 1
Possibly finger trouble? should this work & I'm missing something?
In order to access publisher and store after port offset, you need to change the content of the <GREG_HOME>/repository/conf/identity/sso-idp-config.xml. You need to specify the correct port number in that file. Please refer to the following config; here port offset of 3 is used:
<AssertionConsumerService>https://localhost:9446/publisher/acs</AssertionConsumerService>
Let's consider an app doing the following steps using AppleScript, in order to auto-login to some website:
1- Open "Safari" and navigate to website
2- Fill the username and password fields with JavaScriptdo JavaScript " document.getElementById('password_input').value = 'userPassword' "
3- Submit form using JavaScript --- do JavaScript " document.forms['login_form'].submit() "
For a sandboxed Mac app, com.apple.security.temporary-exception.apple-events entitlement key must be added for "Safari", in order to execute AppleScript procedure above.
<key>com.apple.security.temporary-exception.apple-events</key>
<array>
<string>com.apple.safari</string>
</array>
Everything works great this way, without any problem.
Here is my question:
Does the app get rejected because of this temporary exception usage for Safari?
After waiting for more than one month, my app got approved.
In entitlements section of iTunesConnect, I briefly explained why I used this entitlement key, and my app got approved without any problem.
So I can say that temporary exception usage for Safari is NOT a reject reason.
Looks like it :
https://github.com/TheRealKerni/QuincyKit/issues/109
In particular see comment from Ishuo
I've installed gist Ruby gem. However, I'm having trouble setting up my gist to work with an existing Github account and taken. I've read the instructions in here. However, I'm lost on the next steps I should try to get the authentication working despite following the instructions.
------ Update--------------------------
Found this issue to be open in its Github page: https://github.com/defunkt/gist/issues
Not much I can do at this point.
Thanks in advance for your insights!
You should use your github password, not token: https://github.com/defunkt/gist#authentication