LaVOZs

The World’s Largest Online Community for Developers

'; macos - Python "app transport security" error under El Capitan - LavOzs.Com

Some of my Python shell scripts are newly throwing security errors under Apple OSX 10.11, El Capitan. It seems the new App Transport Security doesn't like how the scripts are calling HTTP resources in plain text, rather than using HTTPS.

Fetching http://blahblah.com    
Python[5553:5648168] App Transport Security has blocked a cleartext HTTP (http://) 
resource load since it is insecure. Temporary exceptions can be configured 
via your app's Info.plist file.

How might I go about fixing this? There is no HTTPS resource I can call, so I'm stuck with HTTP. The advice from Apple is to make an exception in the app's info.plist file, but this is a Python script invoked from a shell script, so there is no info.plist file to be edited.

Ideas? The root problem seems to be with webkit2png, which is in Python. Its non-HTTPS requests are being blocked by ATS, and there is no info.plist to modify.

I found a solution here that worked for me: https://apple.stackexchange.com/questions/210588/how-does-one-configure-a-temporary-exception-to-ats-on-el-capitan-and-fix-webkit

First make sure you have a version of webkit2png that is new enough to have the --ignore-ssl-check option. Version 0.5 does NOT have this option.

Second, you need to edit the source file and add a couple lines of code as shown here: https://github.com/bendalton/webkit2png/commit/9a96ac8977c386a84edb674ca1518e90452cee88

Finally use option as indicated in the solution linked above (copied here for convenience):

webkit2png --ignore-ssl-check [options] [http://example/]

Thanks for Arthur Hebert

At first I'm confused for the code then I figure it out

so I summarise the steps as follows for reference

  1. import AppKit

  2. Add the following code in your py script AppKit.NSBundle.mainBundle().infoDictionary()['NSAppTransportSecurity'] = dict(NSAllowsArbitraryLoads = True)

Assume you are sure to use no HTTPS resource in MAC OSX higher than 10.11

The installation of webkit2png is not necessary in my case

Related
How to save a Python interactive session?
How to change the app name in OSX menubar in a pure-Python application bundle?
How to accept “open document” events in py2app based Python app when the app is already running?
PDFtk Server on OS X 10.11
NSAllowsArbitraryLoads not working for ip address
How to disable App Transport Security for a script?
notMNIST not downloadable in TensorFlow Udacity course
the apm(the package manager of atom) start shell run error
Webkit2png not working with --ignore-ssl-check
Python http server does not conform to ATS policy