• Replies 7 replies
  • Subscribers 14 subscribers
  • Views 2112 views
  • Users 0 members are here
Options
Related

Difficulty debugging makeWebRequest with "Use Device HTTPS Requirements" enabled

Former Member
Former Member
Hi guys,

I am trying to use makeWebRequest to access an endpoint using HTTPS but am receiving a 404 response when the "Use Device HTTPS requirements" option is enabled in the Connect IQ Device Simulator.

Project details:

Minimum SDK: 2.3.x
Type: 'watch-app' (I have also tried watchface)
Target device: Fenix 5
Permissions: Background and Communications
Eclipse run configuration: Fenix 5 / quatix 5.

I am wondering if the endpoint doesn't reach the requirement mentioned in the 'important updates' notes below as it's almost as if the request isn't attempted to the endpoint at all.

https://developer.garmin.com/index.php/blog/post/connect-iq-important-updates

If you’re developing a new app, you should use HTTPS exclusively. If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible. In addition, your communication through higher-level APIs needs to be encrypted using TLS version 1.2 with forward secrecy. If you try to make a connection that doesn’t follow this requirement, an error is thrown. If your app needs to make a request to an insecure domain, you have to specify this domain in your app’s Info.plist file.

I cannot see an error being thrown apart from the 404 response so it is difficult to understand why this isn't working. If I disable the "Use Device HTTPS Requirements" option, the request is made successfully.

The endpoint I am trying to access is an Express Node.js application and I wondered if it was to do with the forward secrecy requirement:
https://certsimple.com/blog/a-plus-node-js-ssl#fixing-broken-perfect-forward-secrecy

The endpoint passes the tests performed by nscurl:

$ nscurl --ats-diagnostics https://XXXXXXXXXXXXXXX

Starting ATS Diagnostics

Configuring ATS Info.plist keys and displaying the result of HTTPS loads to https://XXXXXXXXXXXXXXX.
A test will "PASS" if URLSession:task:didCompleteWithError: returns a nil error.
Use '--verbose' to view the ATS dictionaries used and to display the error received in URLSession:task:didCompleteWithError:.
================================================================================

Default ATS Secure Connection
---
ATS Default Connection
Result : PASS
---

================================================================================

Allowing Arbitrary Loads

---
Allow All Loads
Result : PASS
---

================================================================================

Configuring TLS exceptions for XXXXXXXXXXXXXXX

---
TLSv1.2
Result : PASS
---

---
TLSv1.1
Result : PASS
---

---
TLSv1.0
Result : PASS
---

================================================================================

Configuring PFS exceptions for XXXXXXXXXXXXXXX

---
Disabling Perfect Forward Secrecy
Result : PASS
---

================================================================================

Configuring PFS exceptions and allowing insecure HTTP for XXXXXXXXXXXXXXX

---
Disabling Perfect Forward Secrecy and Allowing Insecure HTTP
Result : PASS
---

================================================================================

Configuring TLS exceptions with PFS disabled for XXXXXXXXXXXXXXX

---
TLSv1.2 with PFS disabled
Result : PASS
---

---
TLSv1.1 with PFS disabled
Result : PASS
---

---
TLSv1.0 with PFS disabled
Result : PASS
---

================================================================================

Configuring TLS exceptions with PFS disabled and insecure HTTP allowed for XXXXXXXXXXXXXXX

---
TLSv1.2 with PFS disabled and insecure HTTP allowed
Result : PASS
---

---
TLSv1.1 with PFS disabled and insecure HTTP allowed
Result : PASS
---

---
TLSv1.0 with PFS disabled and insecure HTTP allowed
Result : PASS
---

================================================================================



I also tried testing with an example endpoint from https://requestb.in/ and had the same problem. Does anyone have any example endpoints that can be called successfully by the Fenix 5 emulator with "Use Device HTTPS Requirements" enabled?

Also, does anyone have the exact specification that an endpoint is required to meet in order to be accessed using makeWebRequest from a Fenix 5?

Any other thoughts as to what could resolve this would be gratefully received.

Many thanks,
Will
  • I've been using https in apps with makeWebRequest() and they work fine in the sim (regardless of the "Use Device HTTPS requirements" option) and on devices, but I'm hitting well known sites for data, so maybe there's something with your certificate.

    Maybe post the code for your call, as it could have something to do with how you make the request.

    I might have missed it, but does this work if you run the app on the watch and go through GCM? Maybe you're seeing something that's a bit different in the sim (the reason for the option to turn off "Use Device HTTPS requirements", I'd guess)
  • Former Member
    Former Member
    Thanks for your reply Jim.

    At the weekend I tested the app from the watch itself to a LAN instance of the endpoint. I'm not sure if a valid certificate was in place locally which may have been enough to cause that request to fail. I will give it another go tonight but to a deployed version of the endpoint running with a certificate.

    The calls have been variations of the below with/without the headers and response type being set. Most recently I have been testing against a request.bin endpoint.

    function onReceive(responseCode, data) {

    if (responseCode == 200){
    Sys.println("Request Successful" + data);
    var view = View.findDrawableById("QueryLabel");
    view.setText(data["id"]);
    Ui.requestUpdate();
    }
    else {
    Sys.println("Response: " + responseCode + " Data: " + data);
    }

    }

    function makeStartRequest() {
    var url = "requestb.in/18q76at1";

    var options = {
    :methods => Comm.HTTP_REQUEST_METHOD_GET
    //:headers => { "Authorization" => "Basic ZWIwOWQ4MWMtODhkZS00ZGFlLTkzZmUtYjViZTVjNDE4NDY1Og==" },
    //:responseType => Comm.HTTP_RESPONSE_CONTENT_TYPE_JSON
    };

    Comm.makeWebRequest(url, {}, options, method(:onReceive));
    }


    It's interesting that you have had success in the simulator with or without that setting. When testing in the simulator, I've been trying to hit the deployed application running with it's certificate.

    Thanks,
    Will
  • the reason for the option to turn off "Use Device HTTPS requirements", I'd guess
    I thought this option was to prevent http connections which will fail in future. The option is there to allow/disallow http connections since at the moment they are still allowed even if the will fail in the future. This allows people to continue to program apps with http giving them time to migrate to https. I was not aware it would have any effect on the https connection itself. But from what Willii says, this is not the case, so maybe there is a problem with the implementation of this option.
  • Former Member
    Former Member
    Hi guys,

    I have since had some success making web requests on the device itself to two different endpoints. The code remained the same with the Dark Sky API and an in house endpoint being used for testing. I plan to test against a local version of the application again to confirm if it was the certificate which was causing the error.

    The same requests are still failing in the simulator with the "use device HTTPS requirements" setting enabled so I will continue testing with that setting disabled. It would be interesting to know if anyone else has the same problem with the current simulator.

    Thanks,
    Will
  • Hi Willii,
    I'm facing the exact same issue. I kept getting a 404 answer from a custom https JSON request hosted on my web hosting service with SSL/https enabled. It is working though with "use device HTTPS requirements" disabled.
    Not yet tested on the device itself though.
    I'm using latest SDK / Eclipse plugin.

    Any news on this issue ?
  • What you may want to do is post your makewebrequest call, and show things like what you are using for options and parameters. Also, you may want to note win vs iOS, size of the response you are expecting, etc. (doing the paramters as just part of the url could cause problems, for example)

    I know you asked about doing a makewebrequest from a watch face, and if you see this in a background process, you may want to put together a simple widget that can do it in the foreground, as it's easier to trigger the request and you have more memory, which makes it a bit easier to debug.
  • I agree with Jim, please be more verbose with examples...quickest way to get to the point.
Copyright © 1996-2025 Garmin Ltd. or its subsidiaries