Kaju self-updater talk (v.2.x)

  1. ‹ Older
  2. last year

    Jon O

    16 Mar 2019 Pre-Release Testers, Xojo Pro Chicago Area USA

    I've been having some issues with users actually getting data back from Kaju. I put an update out and no one gets notified. I try it in both OS X and Windows 7 and it works fine. I get notified. I am trying to figure out why it works for me but not others. I was wondering if maybe it's because I'm not using HTTPS. So I'm trying that. Kaju reads back nothing when using HTTPS. I have verified entering the URL in my browser and I get the data JSON file no problem. All my certificates are there and correct on the website. So I'm really stumped why Kaju doesn't work for most people and why I can't get it to work with HTTPS. I must be doing something wrong but for the life of me, I can't figure out where....

  3. Beatrix W

    16 Mar 2019 Pre-Release Testers, Third Party Store Europe (Germany)

    Older versions of Kaju had a small problem that http wasn't forwarded to https. This broke my updater. There was a setting?

  4. Jon O

    16 Mar 2019 Pre-Release Testers, Xojo Pro Chicago Area USA

    @Beatrix W Older versions of Kaju had a small problem that http wasn't forwarded to https. This broke my updater. There was a setting?

    I can see it’s making the HTTPS call. But I’m wondering if something isn’t right since it’s using the older HTTP socket. It should be upgraded to use URLConnection and I’m thinking of doing that but want to make sure that’s absolutely necessary.

    I’m just wondering why even when not using https why it doesn’t seem to work for people other than me either.

  5. Kem T

    16 Mar 2019 Pre-Release Testers, Xojo Pro, XDC Speakers, MVP Connecticut

    AllowRedirect?

  6. Jon O

    16 Mar 2019 Pre-Release Testers, Xojo Pro Chicago Area USA

    @Kem T AllowRedirect?

    I don’t follow. Nothing is being redirected.

  7. Kem T

    16 Mar 2019 Pre-Release Testers, Xojo Pro, XDC Speakers, MVP Connecticut

    From http to https.

    I'm on my phone and can discuss more later.

  8. Jon O

    16 Mar 2019 Pre-Release Testers, Xojo Pro Chicago Area USA
    Edited last year

    @Kem T From http to https.

    The Get method your HTTPSSocket, has a SetSecure method it calls. I'm using "https:" in the URL. So I don't see where the redirection issue would come from. I see your GetRedirectAddress to get the new URL. I'll try that but I'm not sure what difference it would make...

    Yeah, just tried it. No difference. The GetRedirectAddress gives me the exact same URL I had before.

  9. Beatrix W

    16 Mar 2019 Pre-Release Testers, Third Party Store Europe (Germany)

    The explanation of my problem was too short. I had a http call, then the website was updated to https. I was missing the redirect call so my updater went into nirvana.

    Which version of Kaju are you using? Sync or async? Can you give us the location of your json file for testing? Or make a dummy file and give us the url for this file.

  10. Jon O

    16 Mar 2019 Pre-Release Testers, Xojo Pro Chicago Area USA

    Hi Beatrix,

    I am using a direct https address call so redirect makes no difference. Here is the file:

    https://www.justaddsoftware.net/downloads/kaju/MediaSwitcher/UpdateInformation

    or

    http://www.justaddsoftware.net/downloads/kaju/MediaSwitcher/UpdateInformation

    I understand I am not using the .json filename extension. I have that file in place as well.

    I'm happy to whip up a little app that people could try to view the file using Kaju.

    Looks like my version is 2.0. I just downloaded the most recent version on Github but I haven't added it to my app yet.

  11. Beatrix W

    16 Mar 2019 Pre-Release Testers, Third Party Store Europe (Germany)

    Your website shouldn't allow the call to http anymore.

    I did a quick check with the https and async execution. There is a status 200 and then - of course - the RSA signature can't be verified. But the basics look okay.

    A test project or app would help.

  12. Jon O

    17 Mar 2019 Pre-Release Testers, Xojo Pro Chicago Area USA

    @Beatrix W Your website shouldn't allow the call to http anymore.

    I think that is an over broad generalization. There is absolutely zero user data or anything on my website that would need security. I know it's in vogue to have everything locked down but in reality there's nothing that needs to be secure on my site.

    I did a quick check with the https and async execution. There is a status 200 and then - of course - the RSA signature can't be verified. But the basics look okay.

    Kaju uses synchronous execution. Not sure why there would be a signature issue.

    A test project or app would help.

    I'll put something together in the next couple days.

  13. Kem T

    17 Mar 2019 Pre-Release Testers, Xojo Pro, XDC Speakers, MVP Connecticut

    There is now also an asynchronous call that uses the new framework class. Eventually I'll switch both over to URLConnection, but for now, the async call is more compatible.

  14. Jon O

    17 Mar 2019 Pre-Release Testers, Xojo Pro Chicago Area USA

    OK. I'll update then as that will probably make the UI a bit smoother. If a user can't access my site for whatever reason, the program hangs a bit while waiting for the synchronous call. So that would be nice to have. Still doesn't solve the issue of why my existing users don't see updates...

  15. Jon O

    19 Mar 2019 Pre-Release Testers, Xojo Pro Chicago Area USA

    Alright, I updated and am using the Async method. I keep getting the following error:

    The update data cannot be read. - Missing security token

    I am not able to get the test app to work with Kem's servers either. I get the same thing.

  16. Kem T

    19 Mar 2019 Pre-Release Testers, Xojo Pro, XDC Speakers, MVP Connecticut

    I just updated the develop branch to include the custom plist entry to allow access to insecure links on the Mac, and it now works fine here. Please get that branch and try again.

  17. Jon O

    19 Mar 2019 Pre-Release Testers, Xojo Pro Chicago Area USA

    But I am using Https.

  18. Kem T

    19 Mar 2019 Pre-Release Testers, Xojo Pro, XDC Speakers, MVP Connecticut

    If you tried my site through the test app, it does not use https. Have you tried your site through the test app?

  19. Jon O

    19 Mar 2019 Pre-Release Testers, Xojo Pro Chicago Area USA

    OK. I want to try HTTPS. The whole reason I am doing this is that I am having users report to me that they are not getting update information delivered to them. I get it every time I try. So I am wondering if it's some sort of new HTTPS thing since everyone seems to think that you must use HTTPS to even do things that don't need security. Beyond that, do you have any idea why I see updates but others don't? I'm using a server outside my own network.

  20. Kem T

    19 Mar 2019 Pre-Release Testers, Xojo Pro, XDC Speakers, MVP Connecticut

    Firewall or dns issues are the only things that come to mind.

  21. scott b

    19 Mar 2019 Pre-Release Testers, Xojo Pro local coffee shop

    @Jon O OK. I want to try HTTPS. The whole reason I am doing this is that I am having users report to me that they are not getting update information delivered to them. I get it every time I try. So I am wondering if it's some sort of new HTTPS thing since everyone seems to think that you must use HTTPS to even do things that don't need security. Beyond that, do you have any idea why I see updates but others don't? I'm using a server outside my own network.

    the new mantra from the "security" folks is anything that uses non-HTTPS is bad bad bad bad. in their minds everything has to be "secured" or else. This includes internal communications between two servers within their own datacenter. It even includes communication via TCP packets on itself own servers (like connecting to a port on 127.0.0.1 ... )

    I get why security folks rather us use HTTPS over HTTP. But common sense doesnt come into play when they apply the security rules. mostly because if there is ever a breach, the end users/public doesnt care about common sense, just about the blanket rules.

    now this doesnt address why its not working but could explain why people are asking for HTTPS. if not, please ignore me.

    --sb

  22. Newer ›

or Sign Up to reply!