BTW if you want to add a whitelist for ATS in the plist, here are some more details on which keys/values you need and how to add them:
http://forums.livecode.com/viewtopic.php?f=49&t=28294 Best, Panos -- On Wed, Jul 25, 2018 at 3:16 PM, panagiotis merakos <merak...@gmail.com> wrote: > Hi Ben, > > The "App URL Query Whitelist" field is for specifying a list of custom > url schemes that the standalone can launch (using the "launch URL > custom_url_scheme" command) on iOS 9+. > > See bug https://quality.livecode.com/show_bug.cgi?id=18687 for more > details. > > Best, > Panos > -- > > On Wed, Jul 25, 2018 at 2:56 PM, Ben Rubinstein via use-livecode < > use-livecode@lists.runrev.com> wrote: > >> Aha! Thanks Sean, that was a good tip: I now understand the problem. >> >> On simulator, my cut-down test app worked fine. >> >> On device, console shows: >> >>> App Transport Security has blocked a cleartext HTTP (http://) resource >>> load since it is insecure. Temporary exceptions can be configured via your >>> app's Info.plist file. >>> >> >> The Oauth2 library requires the redirect URL to be of the form >> `http://127.0.0.1:port` - you pass the port number to the library, it >> assumes the `http://127.0.0.1`. >> >> The Dropbox app setup allows you to specify an HTTP redirect (but only >> for localhost redirect URLs). So this is all good - except it appears that >> iOS is not so happy! Not sure why an http connection to localhost should be >> insecure, but there you go. (Or indeed why ATS doesn't kick in on the >> simulator?) >> >> I've posted a report in the QCC (#21442) to extend Oauth2 command to in >> some way allow the redirect URL to be HTTPs. >> >> In the meantime, I resigned myself to doing a custom info.plist, but >> found something that I'd not spotted before in the iOS Standalone Spp >> Settings: "App URL Query Whitelist" - which I thought might be exactly what >> I needed. Although I couldn't find any documentation for it. >> >> I still don't know what it does - but it doesn't do this! Does anyone >> know what it does do? >> >> There is also a checkbox "Disable ATS" - checking this displays a dire >> warning, doubtless correctly; but does indeed provide an easier way to >> solve the problem, at least for development. What it would do to your >> chances of getting an app into the App Store is another question. >> >> I've also added a report in the QC (#21444) - I thought I'd done this >> before, but maybe I just whinged on the mailing lists - for the Standalone >> Builder to support generic additions to the info.plist rather than >> requiring a completely separate one for anything unsupported. >> >> Ben >> >> >> On 24/07/2018 22:22, Pi Digital via use-livecode wrote: >> >>> Open a console with either the device connected or the simulator and see >>> what calls are made when the allow button is pressed >>> >>> >>> On 24 Jul 2018, at 19:20, Ben Rubinstein via use-livecode < >>>> use-livecode@lists.runrev.com> wrote: >>>> >>>> I feel I've been through this before, but I've not been on it for a >>>> while, and I'm still (again) stuck. >>>> >>>> Using Oauth2 to connect an app to the Dropbox API works fine on desktop. >>>> >>>> On iOS, I get the overlay; with the Dropbox log-in; I sign in, and it >>>> then shows the message that this app would like access to the files in >>>> Dropbox, with buttons (from Dropbox) Cancel or Allow (and a link "Learn >>>> more"). >>>> >>>> However, neither the Cancel nor Allow buttons do anything. Fortunately >>>> there is now an LC 'cancel' button at the bottom of the overlay (thanks >>>> Monte! https://github.com/livecode/livecode/pull/6315). >>>> >>>> But something's not happening which should (I assume) happen when the >>>> user touches "Allow". (There is a tiny bit of visible feedback.) >>>> >>>> I know on a previous occasion I solved my issue with inclusions, but I >>>> don't think that's the problem this time. I have (manual inclusions) the >>>> Browser widget, the JSON and Oauth2 libraries, and the internet library. >>>> The call to Oauth2 is wrapped in a try block, and I'm not seeing a catch >>>> (can't be sure that I would, but when I use the new emergency cancel, my >>>> script just reports "Not authorised" where if I drop the Oauth2 library, I >>>> get a dialog reporting the catch). >>>> >>>> What am I missing? Is anyone else able to succesfully connect to >>>> Dropbox using the Oauth2 library on LC 9.0.0, iOS 9.3 (or any similar >>>> environments)? >>>> >>>> TIA, >>>> >>>> Ben >>>> >>>> >>>> _______________________________________________ >>>> use-livecode mailing list >>>> use-livecode@lists.runrev.com >>>> Please visit this url to subscribe, unsubscribe and manage your >>>> subscription preferences: >>>> http://lists.runrev.com/mailman/listinfo/use-livecode >>>> >>> >>> >>> _______________________________________________ >>> use-livecode mailing list >>> use-livecode@lists.runrev.com >>> Please visit this url to subscribe, unsubscribe and manage your >>> subscription preferences: >>> http://lists.runrev.com/mailman/listinfo/use-livecode >>> >>> >> _______________________________________________ >> use-livecode mailing list >> use-livecode@lists.runrev.com >> Please visit this url to subscribe, unsubscribe and manage your >> subscription preferences: >> http://lists.runrev.com/mailman/listinfo/use-livecode >> > > _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
