Allow Insecure URLs

[dotsam]

At least on Big Sur 11.3.1, App Transport Security doesn't allow access to http URLs by default. I've got some internal tools that don't use TLS, so I've added the plist keys mentioned here to the stub app's Info.plist, which has allowed it to load the insecure URL. You could make this an option at app creation time to add this key to the stub app to allow it to open any insecure URL, or possible provide a user-specified whitelist?

[kofigumbs]

Thanks for doing the initial research here. I'll take a look next time I get a chunk of time for Multi updates.

[itskaizad]

Seems like the plist fix no longer works. Added the following inside the root dict

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSAllowsArbitraryLoads</key>
  <true/>
</dict>

Even after doing this my Multi app remains a grey box with the following error in the console.
Failed to load resource: The certificate for this server is invalid. You might be connecting to a server that is pretending to be “localhost” which could put your confidential information at risk.

---

My Multi app config is as follows:

{
  "tabs": [
    {
      "title": "VVRP",
      "url": "https://localhost:8443/client.html?deviceId=cvd-1"
    }
  ],
  "openNewWindowsWith": "com.microsoft.edgemac",
  "terminateWithLastWindow": true
}

Running on an M2 Mac