electron-builder: Autoupdater fails on MacOS X

  • Version: 3.0.3
  • Electron updater: 3.1.2
  • Target: mas

Updated to the latest version of Electron. Everything builds and publishes fine. We are using the Amazon S3 provider. Files are available. But when I'm trying to update the application (it downloads the update but can't install it), I get the following error:

    Error: The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.
        at /Applications/Our.app/Contents/Resources/app.asar/node_modules/graceful-fs/polyfills.js:287:18
        at FSReqWrap.oncomplete (fs.js:183:5)
    From previous event:
        at Object.done (/Applications/Our.app/Contents/Resources/app.asar/node_modules/electron-updater/src/MacUpdater.ts:46:11)
        at /Applications/Our.app/Contents/Resources/app.asar/node_modules/electron-updater/src/AppUpdater.ts:530:25
        at Generator.next (<anonymous>)
        at runCallback (timers.js:696:18)
        at tryOnImmediate (timers.js:667:5)
        at processImmediate (timers.js:649:5)
        at process.topLevelDomainCallback (domain.js:121:23)

It was OK on version 1.8.* but I can't migrate to 3.0.3 because of that issue. What can I do about it? Thanks.

About this issue

  • State: closed
  • Created 6 years ago
  • Reactions: 2
  • Comments: 32 (10 by maintainers)

Most upvoted comments

@aguynamedben Thanks for donation, electron-builder 20.38.3 is released. https://github.com/electron-userland/electron-builder/commit/930dc8d

Please never use "NSAllowsArbitraryLoads": true. electron-builder 20.33.0 adds localhost to NSExceptionDomains by default now, so, you don’t need it at all. But if you want to be really sure, you can set "NSAllowsLocalNetworking": true (but please, please test without it, to ensure that electron-builder default configuration is valid).

According to Apple documentation (https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW35) NSAllowsLocalNetworking is not available for macOS 10.12 and older.

The workaround for Supporting Older Operating Systems: Version-specific ATS behavior: In a current operating system, the presence of a fine-grained transport security key (NSAllowsArbitraryLoadsForMedia, NSAllowsArbitraryLoadsInWebContent, or NSAllowsLocalNetworking) overrides the value of the NSAllowsArbitraryLoads key to NO. This allows you to set NSAllowsArbitraryLoads to YES if needed for your app in older operating systems, without disabling ATS generally in current operating systems.

Any official word on the cause anywhere yet?

@makeitcount If your app has been built with electron-builder and you use the built-in autoUpdater (the one bundled in Electron, not electron-updater), then you will soon find that NSAppTransportSecurity is not properly configured to allow connections to external HTTP update endpoints (for Electron prebuilts with macOS SDK 10.12+). This is because NSAllowsArbitraryLoads and NSAllowsLocalNetworking are set to YES simultaneously, and that, according to the App Transport Security Reference, resets NSAllowsArbitraryLoads to its default value (NO).

You must explicitly define domains which are allowed to be requested via non-secure HTTP protocol.

"extendInfo": {
    "NSAppTransportSecurity" : {
      "NSExceptionDomains": {
        "your.domain": {
          "NSIncludesSubdomains": true,
          "NSExceptionAllowsInsecureHTTPLoads": true
        }
      }
    }
}

By the way, thank you, @develar , for your efforts on maintaining this project.

@framerate To clarify — I fixed one bug, then discovered another one, then added another improvement, then I decided to require Electron 3 (to simplify testing and to use new Electron features). That’s why so many electron-updater versions recently 😃

electron-builder 20.36.2 and electron-updater 4.0.4 are the latest versions that were tested and proven to be working. If not, please provide steps to reproduce.

Please try next pre-release versions:

  • electron-updater 3.2.1
  • electron-builder 20.33.1

@dafivius I was having this problem and I solved it using the following versions:

  • electron: 3.0.5
  • electron-builder: 20.20.4
  • electron-updater: 2.23.3

package.json:

"mac": {
    "type": "distribution",
    "extendInfo": {
        "NSAppTransportSecurity": {
            "NSAllowsArbitraryLoads": true
        }
    },
    "target": [
        "zip"
    ]
}

Adding this to package.json helps with the nsapp error.

"extendInfo": {
    "NSAppTransportSecurity": {
        "NSAllowsArbitraryLoads": true
    },
    "NSExceptionDomains": {
        "localhost": {
            "NSTemporaryExceptionAllowsInsecureHTTPSLoads": false,
            "NSIncludesSubdomains": false,
            "NSTemporaryExceptionAllowsInsecureHTTPLoads": true,
            "NSTemporaryExceptionMinimumTLSVersion": "1.0",
            "NSTemporaryExceptionRequiresForwardSecrecy": false
        }
    }
}
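
The ATS settings discussed in this thread can be checked mechanically before a build is published. The following is an added example, not part of the original thread or of electron-builder; the function name `auditAts` and the `SAMPLES` configurations are hypothetical, constructed to mirror the shapes of the snippets above.

```javascript
// Added example: audit an electron-builder "extendInfo" object for ATS settings.
// auditAts and SAMPLES are hypothetical names; the sample configs are constructed.
const FINE_GRAINED = [
  "NSAllowsArbitraryLoadsForMedia",
  "NSAllowsArbitraryLoadsInWebContent",
  "NSAllowsLocalNetworking",
];

function auditAts(extendInfo) {
  const findings = [];
  const ats = extendInfo.NSAppTransportSecurity || {};
  // NSExceptionDomains is a sub-key of NSAppTransportSecurity; a sibling is not applied.
  if (extendInfo.NSExceptionDomains) {
    findings.push("misplaced: NSExceptionDomains is outside NSAppTransportSecurity");
  }
  if (ats.NSAllowsArbitraryLoads === true) {
    // Per the Apple text quoted in the thread, a fine-grained key overrides this to NO.
    const overriding = FINE_GRAINED.filter((key) => key in ats);
    findings.push(
      overriding.length > 0
        ? `arbitrary-loads-overridden: reset to NO on current macOS by ${overriding.join(", ")}`
        : "arbitrary-loads: ATS is disabled for every domain"
    );
  }
  for (const [domain, opts] of Object.entries(ats.NSExceptionDomains || {})) {
    if (opts.NSExceptionAllowsInsecureHTTPLoads === true) {
      const scope = opts.NSIncludesSubdomains === true ? " and subdomains" : "";
      findings.push(`insecure-http: ${domain}${scope}`);
    }
  }
  return findings;
}

const SAMPLES = {
  scoped: { NSAppTransportSecurity: { NSExceptionDomains: {
    "your.domain": { NSIncludesSubdomains: true, NSExceptionAllowsInsecureHTTPLoads: true },
  } } },
  blanket: { NSAppTransportSecurity: { NSAllowsArbitraryLoads: true } },
  mixed: { NSAppTransportSecurity: { NSAllowsArbitraryLoads: true, NSAllowsLocalNetworking: true } },
  misplaced: {
    NSAppTransportSecurity: { NSAllowsArbitraryLoads: true },
    NSExceptionDomains: { localhost: { NSIncludesSubdomains: false } },
  },
};

for (const [name, cfg] of Object.entries(SAMPLES)) {
  console.log(name, auditAts(cfg));
}
```

Running it against the `extendInfo` value from a project's package.json in CI gives a quick signal when a blanket exception or a misplaced key slips into a release build.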