Big Sur & localhost - any new plist or security hitches?

Sean_Arney · December 26, 2020, 3:45am

I have a desktop application that communicates with several external rest api apps via the localhost. Im just starting to debug my app on big sur and I am getting an error 22 from the connection method on the first one that needs to connect. It seems like that happened before if the plist didnt provide proper security access so Im wondering if anyone knows. This application works well on Catalina and Win10 so Im thinking it must be big sur related security? Im googling but not finding anything yet.

kr,
-sean

DerkJ · December 26, 2020, 1:39pm

Error 22 = invalid argument

Check “https” or some other http part you have missing or invalid

Sean_Arney · December 26, 2020, 2:16pm

@DerkJ - thank you. Heres my plist - Im not seeing anything. I am checking all the calls to these endpoints but they all work fine up until b.s. It really seems like something changed as to how to allow these calls but I am not finding anything so far…

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>NSAppTransportSecurity</key>
	<dict>
		<key>NSExceptionDomains</key>
		<dict>
			<key>127.0.0.1</key>
			<dict>
				<key>NSIncludesSubdomains</key>
				<true/>
				<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
				<true/>
			</dict>
			<key>localhost</key>
			<dict>
				<key>NSIncludesSubdomains</key>
				<true/>
				<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
				<true/>
			</dict>
		</dict>
	</dict>
</dict>
</plist>

Greg_O_Lone · December 26, 2020, 2:24pm

The docs specifically say not to use IP Addresses within this key.

I suspect what you’re looking for is NSAllowsLocalNetworking:

Sean_Arney · December 26, 2020, 3:01pm

Oh wow. Thanks Greg. I will get that out of there. It seems like on Win I had to use the numeric address and changed all the calls to use numeric as a result probably added that. I dont quite recall but I will definately ge that out as i had not known that. The NSAllowsLocalNetworking seems to be red flag though on MAS but I will certainly dig deeper.

Greg_O_Lone · December 26, 2020, 10:20pm

It’s fine to use the numeric address in your code, just not in an NSExceptionDomains entry in your plist file.

Arnaud_N · December 27, 2020, 9:38pm

While that’s true, I also often get this error code when the remote host is just unreachable. This error code 22 can mean beyond what it describes.
I’m thinking not being able to reach a computer also means a “bad parameter” (i.e. the address or port is bad, since the connection won’t work).

Greg_O_Lone · December 27, 2020, 11:09pm

On macOS, network error 22 means that it disconnected.

Sean_Arney · December 27, 2020, 11:22pm

Right, I cant quite figure out whats going on yet as this connects on everything prior to bigsur and the creds arent different. I do remember getting this same error though before when I couldnt find the server. This is running on the local host with a known port so Im fairly mixed up as to why this isnt connecting. Is there a difference in the “Resources Folder” security wise, usage wise etc., in bigsur? Should I not be using that folder?

Sam_Rowlands · December 28, 2020, 9:58am

Two things.

Are you sure the helper is running and connected to the port you expect it to be?
Is your helper in the Resources folder of the main app? If so, this is not the recommended place.

Some recommended locations are.

/Contents/MacOS/
/Contents/Helpers/
/Contents/Frameworks/
/Contents/PlugIns/

Sean_Arney · December 28, 2020, 1:29pm

Thank you Sam - no and yes. I suspect it is the Resources location and am going to move it now. Of those you listed, is there a best one cross platform? This is a db application - which I took from the UG was the right location for such. Silly me, I know, I read that too quickly? (It doesnt say only to store thigns there). So I am thinking now that the “App Parent” will be the place for this?

Tim_Jones · December 28, 2020, 4:15pm

I would vote for the top level (MacOS) as you say since the others don’t really fit.

Sam_Rowlands · December 29, 2020, 4:03am

IMHO, making sure that the helper is operational and bound to the correct port is probably the most critical.

Moving it to a different folder, probably won’t make that much different at this point, but certainly when it comes to shipping and future updates, it is advisable to follow the Apple guidelines on this.

The other thing to try, is to make sure that the compiled app in the Applications folder. It sounds odd, because it is odd, on the other hand, I’ve had App Store apps refuse to validate the receipts on any other folder than Applications and who knows what else now only works when the application is in the Applications folder.

Greg_O_Lone · December 29, 2020, 5:18am

Just out of curiosity, how are you determining the port number to listen on?

Sean_Arney · December 29, 2020, 1:43pm

Thanks guys - good advice, I will get them both in apps to run and check that but the test projects run on their own from their own build folders in xojo so it cant be an Applications folder limitation so far. The port is determined by the helper apps and is static. I have pulled the whole project appart now and am adding the helpers back in so should be hard at today after a few meetings. more soon.

Greg_O_Lone · December 31, 2020, 6:00pm

This may be an issue. It could be that the ports you chose in Catalina aren’t available in Big Sur.

Greg_O_Lone · December 29, 2020, 7:28pm

Have you thought about using a server socket and then telling the helpers which port to use when they are launched?

Sean_Arney · December 29, 2020, 7:31pm

this is probably whats going on - great advice greg. I will start looking at that

Sean_Arney · December 31, 2020, 6:01pm

This is a port issue greg, you were right about that, thank you. I dont quite have it fully solved yet but Im pretty darn sure thats what was causing me some troubles