JDK-8202393 : App Transport Security blocks http media on macOS with JDK build using new compilers
  • Type: Bug
  • Component: javafx
  • Sub-Component: media
  • Affected Version: openjfx11
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2018-04-27
  • Updated: 2020-05-05
  • Resolved: 2018-06-08
Versions:
  • JDK 8: 8u251 (Fixed)
  • Other: openjfx11 (Fixed)
Description
I get the following error when trying to run the AdvancedMedia sample in the FX Ensemble8 app on macOS 10.12 using a build of the JDK built from the recent compiler upgrade toolchain.

2018-04-26 12:00:01.791 java[22360:886979] App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.

This works with the promoted jdk-11+10 build.

This appears to be additional security that Apple has added when building with newer versions of Xcode or the MacOSX SDK.

I get the same error using the OpenJDK build (without javafx.* modules) with the prototype unbundled FX SDK, so the problem will persist after we remove FX from the JDK. The error doesn't seem to be specific to FX, but rather looks like a problem accessing certain types of files over http.

I have attached a simple test program that will reproduce the problem.

NOTE: JavaFX has been built using Xcode 9.1 and MacOSX SDK 10.11 since JDK 10.0.1, so the issue seems to be caused by the JDK compiler upgrade on Mac. I can reproduce this when I use a locally built JDK on my Mac, since I have a newer Xcode + MacOSX SDK.

Comments
http://hg.openjdk.java.net/openjfx/jfx-dev/rt/rev/3902793e9e54
08-06-2018

Looks good to me. I verify that it fixes the problem on my Mac. +1
08-06-2018

This proposed fix looks OK to me.
07-06-2018

Please review the following: http://cr.openjdk.java.net/~almatvee/8202393/webrev.00/
Reviewers: kcr
Starting with SDK 10.11 (main executable, in our case the java launcher, built with SDK 10.11), AVFoundation requires the HTTPS protocol, and HTTP is blocked by default unless an exception is configured in Info.plist. To allow HTTP support, NSAllowsArbitraryLoads and NSAllowsArbitraryLoadsForMedia need to be set to YES. Instead of Info.plist, I am adding these keys dynamically before loading AVFoundation. This approach seems to work fine. Both keys need to be set, based on Apple documentation, to work correctly on different OS X versions.
07-06-2018
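
An added example (not part of the bug report or the OpenJFX change): a check that reads the ATS dictionary from an Info.plist and reports which cleartext HTTP loads it permits on OS X 10.11 versus 10.12 and later, for the two keys named in the comment above. The function names, the sample plists and the host media.example.com are constructed for illustration, and the key precedence rule is taken from Apple's ATS key reference rather than from this page.

```python
import plistlib

# Keys whose mere presence makes macOS 10.12+ ignore NSAllowsArbitraryLoads
# (precedence rule from Apple's ATS key reference, not from this bug report).
OVERRIDING_KEYS = ("NSAllowsArbitraryLoadsForMedia",
                   "NSAllowsArbitraryLoadsInWebContent",
                   "NSAllowsLocalNetworking")

def effective_cleartext(info_plist: bytes, macos: tuple) -> dict:
    """Report which cleartext HTTP loads the ATS dictionary permits on `macos`."""
    ats = plistlib.loads(info_plist).get("NSAppTransportSecurity", {})
    arbitrary = bool(ats.get("NSAllowsArbitraryLoads", False))
    media = False
    if macos >= (10, 12):
        # Newer systems know the narrower keys and let them override the global one.
        if any(key in ats for key in OVERRIDING_KEYS):
            arbitrary = False
        media = bool(ats.get("NSAllowsArbitraryLoadsForMedia", False))
    # Hosts with an explicit per-domain cleartext exception.
    domains = sorted(
        host for host, cfg in ats.get("NSExceptionDomains", {}).items()
        if cfg.get("NSExceptionAllowsInsecureHTTPLoads", False))
    return {"any_host_all": arbitrary, "any_host_media": arbitrary or media,
            "http_domains": domains}

def make_plist(ats: dict) -> bytes:
    """Build a constructed Info.plist containing only the ATS dictionary."""
    return plistlib.dumps({"NSAppTransportSecurity": ats})

# Constructed samples: the two keys named in the comment, the global key alone,
# and a per-domain exception for a hypothetical media host.
BOTH_KEYS = make_plist({"NSAllowsArbitraryLoads": True,
                        "NSAllowsArbitraryLoadsForMedia": True})
GLOBAL_ONLY = make_plist({"NSAllowsArbitraryLoads": True})
SCOPED = make_plist({"NSExceptionDomains": {
    "media.example.com": {"NSExceptionAllowsInsecureHTTPLoads": True}}})

if __name__ == "__main__":
    for name, sample in (("both", BOTH_KEYS), ("global", GLOBAL_ONLY),
                         ("scoped", SCOPED)):
        for version in ((10, 11), (10, 13)):
            print(name, version, effective_cleartext(sample, version))
```

The change discussed here sets the keys at run time rather than in the file, so a static check like this only covers applications that ship the keys in their Info.plist.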

Assigning this to javafx/media for analysis. It might be the case that this is a bug in the JDK, and if so, we'll reassign.
16-05-2018