SDK 2.3.1 makeWebRequest returns -1001 SECURE_CONNECTION_REQUIRED

There's a change in SDK 2.3.1 which is now causing a Comms.makeWebRequest call to a php script on my web site to fail with a return code of -1001 in the simulator.

Through Wireshark, I can see that the HTTP call is succeeding.

Is there a spec of this change that can point me to a solution?

Looks like it's only a problem with the emulator.

MihaRekar over 7 years ago

I have similar problems, but I'm getting 404 and I can not access https URLS. Following the log on my server the request simply does not come there. With http call my server returns 301 but the app displays 404.

jim_m_58 over 7 years ago

You need to start using https and not http.

There's a switch in the sim (settings>Use Device HTTPS Requirements) that you can uncheck to allow http.

See:
https://developer.garmin.com/blog/category/connect-iq-sdk/

snd search the page for makeWebRequest

Changes to makeWebRequest
Apple introduced App Transport Security (ATS) in iOS 9. From the iOS 9 release notes:

App Transport Security (ATS) enforces best practices in the secure connections between an app and its back end. ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt; it is also on by default in iOS 9 and OS X v10.11. You should adopt ATS as soon as possible, regardless of whether you’re creating a new app or updating an existing one.

If you’re developing a new app, you should use HTTPS exclusively. If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible. In addition, your communication through higher-level APIs needs to be encrypted using TLS version 1.2 with forward secrecy. If you try to make a connection that doesn’t follow this requirement, an error is thrown. If your app needs to make a request to an insecure domain, you have to specify this domain in your app’s Info.plist file.

Up until now, Connect Mobile has allowed makeWebRequest to communicate over HTTP and HTTPS because it defined the NSAllowsArbitraryLoads permission. However, Apple has a declaration that all iOS 10 apps should support ATS by the end of 2017.

In light of this, Connect IQ will require that calls to makeWebRequest communicate only with ATS compliant servers. In a future update the simulator is now going to check to make sure that all requests are talking to properly secured servers, and we will be removing NSArbitraryContent in an upcoming version of Connect Mobile.

Alan.raceQs over 7 years ago

Thanks for that Jim, I have used Cloudflare to handle my secure http and it works really well. I don't profess to any understanding of it but I have had some great advice from my colleague which I will pass on for the benefit of others:

I think the easiest way to do so is via Cloudflare.com.

Please try it for {enter your domain here}
Register. Choose free plan.
- Configure as it asks you to (change DNS servers to Cloudflare's)
- Configure Cloudflare to route your traffic through their servers (orange clouds on DNS tab)
- Flush local DNS cache and ping gpsanimator.com to check if it is associated with Cloudflare
- Check if everything is still working
- Choose "flexible" SSL on Crypto tab
- Check if HTTPS works for{enter your domain here}

I have one further question.
Do I have to use https for openWebPage as well as makeWebRequest?
The reason I ask, is that when I do use https for openWebPage, the graphics are not being rendered nicely. If I don't have to use it, then it's not a problem, if I do, hen I have to work out why the graphics are being corrupted.

Alan.raceQs over 7 years ago

Resolved

The reason I ask, is that when I do use https for openWebPage, the graphics are not being rendered nicely. If I don't have to use it, then it's not a problem, if I do, hen I have to work out why the graphics are being corrupted.

1. After some experimenting in the sim, it seems that openWebPage does not require https.
2. And even if it did, there's a fix in Cloudflare that replaces all http calls with https by using "Automatic HTTPS Rewrites" on Crypto tab.