Interact with cloudfront directly for iOS 13
This commit is contained in:
parent
0f1924cdb4
commit
e39e9774a4
@ -23,6 +23,8 @@ extern NSString *const OWSFrontingHost_GoogleQatar;
|
||||
|
||||
+ (BOOL)isCensoredPhoneNumber:(NSString *)e164PhoneNumber;
|
||||
|
||||
+ (AFSecurityPolicy *)pinningPolicyWithCertNames:(NSArray<NSString *> *)certNames;
|
||||
|
||||
@property (nonatomic, readonly) NSString *signalServiceReflectorHost;
|
||||
@property (nonatomic, readonly) NSString *CDNReflectorHost;
|
||||
@property (nonatomic, readonly) NSURL *domainFrontBaseURL;
|
||||
|
||||
@ -239,7 +239,13 @@ NSString *const kNSNotificationName_IsCensorshipCircumventionActiveDidChange =
|
||||
OWSLogInfo(@"using reflector CDNSessionManager via: %@", censorshipConfiguration.domainFrontBaseURL);
|
||||
result = [self reflectorCDNSessionManagerWithCensorshipConfiguration:censorshipConfiguration];
|
||||
} else {
|
||||
result = self.defaultCDNSessionManager;
|
||||
// On iOS 13 there is a bug that currently prevents us from telling iOS our CDN is trusted.
|
||||
// As a workaround, connect to cloudfront directly for now.
|
||||
if (@available(iOS 13, *)) {
|
||||
result = self.iOS13CDNSessionManager;
|
||||
} else {
|
||||
result = self.defaultCDNSessionManager;
|
||||
}
|
||||
}
|
||||
// By default, CDN content should be binary.
|
||||
result.responseSerializer = [AFHTTPResponseSerializer serializer];
|
||||
@ -263,6 +269,24 @@ NSString *const kNSNotificationName_IsCensorshipCircumventionActiveDidChange =
|
||||
return sessionManager;
|
||||
}
|
||||
|
||||
- (AFHTTPSessionManager *)iOS13CDNSessionManager
|
||||
{
|
||||
NSURL *baseURL = [[NSURL alloc] initWithString:textSecureDirectCDNServerURL];
|
||||
OWSAssertDebug(baseURL);
|
||||
|
||||
NSURLSessionConfiguration *sessionConf = NSURLSessionConfiguration.ephemeralSessionConfiguration;
|
||||
AFHTTPSessionManager *sessionManager = [[AFHTTPSessionManager alloc] initWithBaseURL:baseURL
|
||||
sessionConfiguration:sessionConf];
|
||||
|
||||
sessionManager.securityPolicy =
|
||||
[OWSCensorshipConfiguration pinningPolicyWithCertNames:@[ @"DigiCertGlobalRootG2" ]];
|
||||
|
||||
// Default acceptable content headers are rejected by AWS
|
||||
sessionManager.responseSerializer.acceptableContentTypes = nil;
|
||||
|
||||
return sessionManager;
|
||||
}
|
||||
|
||||
- (AFHTTPSessionManager *)reflectorCDNSessionManagerWithCensorshipConfiguration:
|
||||
(OWSCensorshipConfiguration *)censorshipConfiguration
|
||||
{
|
||||
|
||||
@ -28,6 +28,7 @@ typedef NS_ENUM(NSInteger, TSWhisperMessageType) {
|
||||
#define textSecureWebSocketAPI @"wss://textsecure-service.whispersystems.org/v1/websocket/"
|
||||
#define textSecureServerURL @"https://textsecure-service.whispersystems.org/"
|
||||
#define textSecureCDNServerURL @"https://cdn.signal.org"
|
||||
#define textSecureDirectCDNServerURL @"https://d83eunklitikj.cloudfront.net"
|
||||
// Use same reflector for service and CDN
|
||||
#define textSecureServiceReflectorHost @"europe-west1-signal-cdn-reflector.cloudfunctions.net"
|
||||
#define textSecureCDNReflectorHost @"europe-west1-signal-cdn-reflector.cloudfunctions.net"
|
||||
|
||||
Loading…
Reference in New Issue
Block a user