Cordova whitelist iOS 10 SSL error: Failed to load resource: An SSL error has occurred and a secure connection to the server cannot be made

问题

I am trying to send an ArrayBuffer to

https://1511921174.cloud.vimeo.com/upload?ticket_id=xxxxxxxxxx&video_file_id=xxxxxx&signature=xxxxxxxx=1%22

In iOS 10 nothing is happening. There must me a whitelisting error. I am whitelisting *.vimeo.com and *.cloud.vimeo.com per the cordova-plugin-whitelist docs. Everything works fine in iOS 9 and on Android.

<access origin="http://*.vimeo.com" subdomains="true" />
<access origin="https://*.vimeo.com" subdomains="true" />
<access origin="http://*.cloud.vimeo.com" subdomains="true" />
<access origin="https://*.cloud.vimeo.com" subdomains="true" />

Any ideas what could be happening? Thanks!

回答1:

It looks like this isn't a whitelist but an App Transport Security issue.

I got the videos to upload to Vimeo using iOS 10. It looks like there may be a problem with Vimeo's SSL certificate. They may use an old TLS version. When I turned off the App Transport Security in the plist it just worked:

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSAllowsArbitraryLoads</key>
  <true/>
</dict>

So without turning everything off I ended up adding the code below in the plist for vimeo.com only:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>vimeo.com</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
            <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
            <false/>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionMinimumTLSVersion</key>
            <string>TLSv1.0</string>
            <key>NSRequiresCertificateTransparency</key>
            <false/>
        </dict>
    </dict>
</dict>

I hope that helps anyone out there.

回答2:

I had to make tweaks to the Content-Security-Policy meta tag for iOS 10 (see here) so it's possible that you also need to add/update that, e.g.

<meta http-equiv="Content-Security-Policy" content="default-src 'self' gap: file: https://*.cloud.vimeo.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; media-src *">

回答3:

Before I was adding Info.Plist entries with the edit-config tag in config.xml. But for an obscure reason it wasn't working when I was overriding the NsAppTransportSecurity entry.

After some research, I that the cordova-plugin-whitelist is also translating the "access" and "allow-navigation" tags in the config.xml to a NsAppTransportSecurity entry in the Info.Plist file since october 2015 (source).

So the plugin was blocking my edit-config tag in my config.xml from overwriting this entry. According to this doc from Cordova, you can set the transport security options in the "access" and "allow-navigation" tags in config.xml. I did this and now it works great.

来源：https://stackoverflow.com/questions/39501523/cordova-whitelist-ios-10-ssl-error-failed-to-load-resource-an-ssl-error-has-oc