
I know that in Apple docs, they say this:

After you construct the association file, place it in your site’s
.well-known directory. The file’s URL should match the following
format:

https:///.well-known/apple-app-site-association

You must host the file using https:// with a valid certificate and with no redirects.

Our site is not using https, but rather http, but the apple-app-site-association file is hosted using https. That is achieved by:

  • using letsencrypt and certbot, which gives a valid certificate
  • some nginx configuration so that it all works

I am not a devops, so I don’t know the details of the above, but if we go to the AASA validator (https://branch.io/resources/aasa-validator/) we get this:

[image: AASA validator result]

The apple-app-site-association file looks like this:

{
    "applinks": {
        "apps": [],
        "details": [
            {
                "appID": "com.xxx.MyApp",
                "paths": [ "/#/new-password/*", "/#/new-password/"]
            }
        ]
    }
}

In the developer portal, I have enabled associated domains, and in Xcode, the Associated Domains -> Domains setting looks like this:

applinks:mysite.dev.com

Also, I have implemented the continueUserActivity method in AppDelegate, but it doesn’t trigger, and when I click on a password reset link (from a mailtrap) my application doesn’t open, but rather the web link is opened (the site).

Link has this structure:

http://mysite.dev.com/#/new-password/a-random-hash-goes-here

Is this a problem because only apple-app-site-association is served on https, but the rest of the site through https?

Or maybe there is a problem with the structure of the file (specifically the paths key)?

2 Answers


  1. From Apple’s documentation:

    If your app runs in iOS 9 or later and you use HTTPS to serve the apple-app-site-association file, you can create a plain text file that uses the application/json MIME type and you don’t need to sign it

    So in your case I think iOS didn’t try to download it through the HTTPS version and got an unsigned apple-app-site-association

    I see two possible solutions:

    1. sign apple-app-site-association
    2. redirect the user to https anyway if you have a valid certificate
  2. You could try the following: in the Info.plist file of your app, add the following keys:

    1. Add a key called NSAppTransportSecurity as a Dictionary
    2. Then add the following subkeys:
    • Add a subkey called NSAllowsArbitraryLoads as Boolean and set its value to YES
    • Add a subkey called NSTemporaryExceptionMinimumTLSVersion as String and set its value to TLSv1.2.
      The above would look like the following image:
      [image: Info.plist with the keys above]

    And the code would look like:

        <key>NSAppTransportSecurity</key>
        <dict>
            <key>NSAllowsArbitraryLoads</key>
            <true/>
            <key>NSTemporaryExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
        </dict>
    
    3. Clean and build the project and test your universal link using the HTTP protocol

    If the previous steps don’t work, you could try to add exceptions for specific domains in your Info.plist:

    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSExceptionDomains</key>
        <dict>
            <key>mysite.dev.com</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSExceptionRequiresForwardSecrecy</key>
                <true/>
                <key>NSExceptionMinimumTLSVersion</key>
                <string>TLSv1.2</string>
                <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
                <false/>
                <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
                <true/>
                <key>NSThirdPartyExceptionMinimumTLSVersion</key>
                <string>TLSv1.2</string>
                <key>NSRequiresCertificateTransparency</key>
                <false/>
            </dict>
        </dict>
    </dict>
    

    The above is just experimental; keep in mind that if your app doesn’t have a good reason to allow HTTP traffic it could be rejected by Apple. I share with you some interesting links:

    https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW33
    https://developer.apple.com/videos/play/wwdc2015/703/
    https://github.com/AFNetworking/AFNetworking/issues/2779#issuecomment-112030880

    Regards!

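An added example, not part of the original thread or of Apple's tooling: an offline linter for the hosting conditions quoted above (https, no redirects, application/json for an unsigned file), run against the association file posted in the question. The function name `lint_aasa`, the Team ID pattern and the fragment check (universal-link matching compares the URL path only) are assumptions of this example.

```python
import json
import re
from urllib.parse import urlsplit

# Assumption: an appID is a 10-character Team ID / App ID prefix, a dot, then the bundle ID.
APP_ID_RE = re.compile(r"^[A-Z0-9]{10}\.[A-Za-z0-9.-]+$")

# The association file exactly as posted in the question.
QUESTION_AASA = """{"applinks": {"apps": [], "details": [{"appID": "com.xxx.MyApp",
  "paths": ["/#/new-password/*", "/#/new-password/"]}]}}"""


def lint_aasa(hops, content_type, body):
    """Return a list of problems found in one fetch of the association file.

    hops: (url, status) pairs in the order requested, final response last.
    """
    problems = []
    final_status = hops[-1][1]
    if any(urlsplit(url).scheme != "https" for url, _ in hops):
        problems.append("scheme: every request must use https")
    if len(hops) > 1 or 300 <= final_status < 400:
        problems.append("redirect: the file must be served with no redirects")
    elif final_status != 200:
        problems.append(f"status: expected 200, got {final_status}")
    if content_type.split(";")[0].strip().lower() != "application/json":
        problems.append("content-type: unsigned file should be application/json")
    try:
        details = json.loads(body)["applinks"]["details"]
    except (ValueError, KeyError, TypeError):
        return problems + ["body: not JSON with an applinks.details list"]
    for entry in details:
        app_id = entry.get("appID", "")
        if not APP_ID_RE.match(app_id):
            problems.append(f"appID {app_id!r}: no Team ID prefix")
        for path in entry.get("paths", []):
            if "#" in path:  # matching uses the URL path only; fragments are ignored
                problems.append(f"path {path!r}: contains a fragment")
    return problems


if __name__ == "__main__":
    url = "https://mysite.dev.com/.well-known/apple-app-site-association"
    for problem in lint_aasa([(url, 200)], "application/json", QUESTION_AASA):
        print(problem)
```

To lint a live site, record each request's URL and status while following the chain by hand (for example with redirects disabled in the HTTP client) and pass them in as `hops`.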