Community
Participate
Working Groups
Eclipse 2020-09 macOS 10.15.7 Opening HTTP URLs in a self-hosting Eclipse workbench causes an error: "Page load failed with error: The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." This works for a regularly launched Eclipse instance, but not for a self-hosted instance. Tried running the self-hosted instance with various JDKs, but that didn't change anything.
Hi Martin, I am curious why you think this is related to the launcher? Doesn't this belong in SWT or whatever is controlling the browser widget being used? I may not be understanding the scenario. Where in the UI are you trying to open the HTTP URLs? Do you know if this is mac specific?
I found bug 530246, which seems to be related, and why I filed the bug in the same category. It looks like the difference is the way Eclipse is launched. In contrast to the bug above I observe this issue when running self-hosted mode only. But the choice of the component was purely based in the bug above and might be totally off.
Lakshmi, what is your opinion on the component this should go against? Thanks.
(In reply to Martin Lippert from comment #2) > I found bug 530246, which seems to be related, and why I filed the bug in > the same category. > > It looks like the difference is the way Eclipse is launched. In contrast to > the bug above I observe this issue when running self-hosted mode only. But > the choice of the component was purely based in the bug above and might be > totally off. As mentioned in the page [1], this is the default behavior of ATS for apps linked with macOS 10.11 SDK and later. Eclipse launcher is linked with 10.10 SDK, so the ATS is disabled and we don't see this with Eclipse SDK. For Eclipse in self-hosted mode or SWT snippet, the launching app is Java. The latest Java versions are all linked with newer macOS SDKs. You can check this using tool on the binary file. otool -l eclipse| grep sdk [1] - https://developer.apple.com/documentation/bundleresources/information_property_list/nsapptransportsecurity?language=objc
(In reply to Thomas Watson from comment #3) > Lakshmi, what is your opinion on the component this should go against? > Thanks. Happens with SWT BrowserExample too, so it's SWT. But this is the default behavior of ATS on newer Macs so I'm not sure if it can be fixed.
I tried to configure the JDK that I use to run the runtime workbench to allow all network connections my adding this to the Info.plist file: <key>NSAppTransportSecurity</key> <dict> <key>NSAllowsArbitraryLoads</key> <true/> </dict> But that doesn't seem to solve the issue... :-(
This item sounds related: https://wiki.eclipse.org/Talk:FAQ_How_do_I_display_a_Web_page_in_SWT%3F
Had the same problem and I can confirm that the following java snippet resolves the issue (as pointed out at https://wiki.eclipse.org/Talk:FAQ_How_do_I_display_a_Web_page_in_SWT%3F) if (Platform.OS_MACOSX.equals(Platform.getOS())) { NSDictionary allowNonHttps = NSDictionary.dictionaryWithObject( NSNumber.numberWithBool(true), NSString.stringWith("NSAllowsArbitraryLoads")); NSBundle.mainBundle().infoDictionary().setValue( allowNonHttps, NSString.stringWith("NSAppTransportSecurity")); } Of course this may only be executed if the platform that the plugins runs on is macos as the API is only present in the macos flavor of SWT.
(In reply to Andre Dietisheim from comment #8) > Had the same problem and I can confirm that the following java snippet > resolves the issue (as pointed out at Where do you add this code?
the problem with that code is that it is really touching internal swt api that is also OSX specific I think that pinfo.list addition should work (i got that from a co worker that it works for him then) But how can you really nicely do that if you build your application with tycho? I don't think there is a nice hook right?
(In reply to Martin Lippert from comment #6) > I tried to configure the JDK that I use to run the runtime workbench to > allow all network connections my adding this to the Info.plist file: > > <key>NSAppTransportSecurity</key> > <dict> > <key>NSAllowsArbitraryLoads</key> > <true/> > </dict> > > But that doesn't seem to solve the issue... :-( Adding that to the Info.plist worked for my (in Spring Tools Suite 4.12.0, which is based on Eclipse Platform 4.21.0) on MacOS 11.5.2. Of course I shut down STS to make the plist change, then started it up again and the internal browser view can now open non-secure https:// URLs.
Ugh, typo above and Bugzilla doesn't have Edit Comment. I meant to say that the internal browser view can now open non-secure http:// URLs.
(In reply to Onder Secen from comment #9) > (In reply to Andre Dietisheim from comment #8) > > Had the same problem and I can confirm that the following java snippet > > resolves the issue (as pointed out at > > Where do you add this code? I execute this before I open the browser. allowNonHttpsConnections(); browser = new Browser(this, SWT.NONE); You can of course execute this in the blugin activator so that the non-HTTPS connections get allowed as soon as your plugin is started. ps. as pointed out in https://bugs.eclipse.org/bugs/show_bug.cgi?id=568749#c10 this is of course critical as it overrides a MacOS security policy. We therefore ask users upfront if they want to introduce this exception ("Non-Https connection required. Introduce an exception default security policy to allow it?") since we cannot switch our connection to secure https.
(In reply to Andre Dietisheim from comment #8) > Had the same problem and I can confirm that the following java snippet > resolves the issue (as pointed out at > https://wiki.eclipse.org/Talk:FAQ_How_do_I_display_a_Web_page_in_SWT%3F) > > if (Platform.OS_MACOSX.equals(Platform.getOS())) { > NSDictionary allowNonHttps = NSDictionary.dictionaryWithObject( > NSNumber.numberWithBool(true), > NSString.stringWith("NSAllowsArbitraryLoads")); > NSBundle.mainBundle().infoDictionary().setValue( > allowNonHttps, NSString.stringWith("NSAppTransportSecurity")); > } > > Of course this may only be executed if the platform that the plugins runs on > is macos as the API is only present in the macos flavor of SWT. This code works for us in individual plugins added to the Eclipse IDE. It wont for our branded Eclipse (Red Hat Codeready Studio). For our branded Eclipse only modifying Info.plist helps.
(In reply to Andre Dietisheim from comment #14) > (In reply to Andre Dietisheim from comment #8) > > Had the same problem and I can confirm that the following java snippet > > resolves the issue (as pointed out at > > https://wiki.eclipse.org/Talk:FAQ_How_do_I_display_a_Web_page_in_SWT%3F) > > > > if (Platform.OS_MACOSX.equals(Platform.getOS())) { > > NSDictionary allowNonHttps = NSDictionary.dictionaryWithObject( > > NSNumber.numberWithBool(true), > > NSString.stringWith("NSAllowsArbitraryLoads")); > > NSBundle.mainBundle().infoDictionary().setValue( > > allowNonHttps, NSString.stringWith("NSAppTransportSecurity")); > > } > > > > Of course this may only be executed if the platform that the plugins runs on > > is macos as the API is only present in the macos flavor of SWT. > > This code works for us in individual plugins added to the Eclipse IDE. It > wont for our branded Eclipse (Red Hat Codeready Studio). For our branded > Eclipse only modifying Info.plist helps. The most likely explanation for the branded Eclipse IDE not being able to correct ATS at runtime while the vanilla Eclipse IDE can is that the our branded IDE is not signed.
Does the platform team plan to update the plist so that this usecase works? If so, the the Eclipse IDE packages (EPP) can make the same change.
(In reply to Jonah Graham from comment #16) > Does the platform team plan to update the plist so that this usecase works? > If so, the the Eclipse IDE packages (EPP) can make the same change. I am interested in incorporating something like this into our product build (Spring Tools). Is there a way to add this piece to the plist from within a product/epp build?
I am also facing this issue. When opening a a local html file (which is in my project folder) in the internal brower while developing, I get this error: Page load failed with error: The resource could not be loaded because the App Transport Security policy requires the use of a secure connection. I use MacOS 10.14 Would be nice to include a checkbox in Eclipse: "Preferences->WebBrower-> "restrict https" (when disabling, http sites can be opened in a "unsecure connection).
we are using with Tycho build this plugin: https://github.com/Servoy/servoy-eclipse/blob/master/com.servoy.eclipse.product/pom.xml#L148 That does work when installing the product, the info.plist is nice. But when we then update the product through the "check for updates" then that part is reset.. the: <key>NSAppTransportSecurity</key> <dict> <key>NSAllowsLocalNetworking</key> <true/> </dict> is completely removed again.. Who does that? Is there another file i need to update? or is this completely generated all the time from java code?
found it: https://github.com/Servoy/servoy-eclipse/commit/f04b68d00de51f79fc141833212a6e9ca07a1846 i needed to make sure that the archive-repository goal was done later. so the p2 site did have the adjusted code.