[GH-ISSUE #57] Issue: App Transport Security prevents local insecure connections on the App Store version #56

Closed
opened 2026-03-03 16:43:13 +03:00 by kerem · 5 comments

Originally created by @TheWojtek on GitHub (Feb 19, 2026).
Original GitHub issue: https://github.com/nickustinov/itsyhome-macos/issues/57

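As I mentioned on [Reddit](https://www.reddit.com/r/homeassistant/comments/1r8uczz/comment/o6acncx/), the app (downloaded from the App Store, I am too lazy to check for updates manually) prevents local connections using insecure HTTP as per Apple's [App Transport Security](https://developer.apple.com/documentation/bundleresources/information-property-list/nsapptransportsecurity), which is mandatory for apps distributed via the Apple App Store.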

This prevents an insecure connection to a local HA server.

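This could possibly be overridden by [NSAllowsLocalNetworking](https://developer.apple.com/documentation/bundleresources/information-property-list/nsapptransportsecurity/nsallowslocalnetworking) or [NSAllowsArbitraryLoads](https://developer.apple.com/documentation/bundleresources/information-property-list/nsapptransportsecurity/nsallowsarbitraryloads) (which seems just too open to me). The documentation is unfortunately rather vague about "local networking", since it does not say whether it means the subnet of the local machine or all subnets using a common external IP (which in my case would definitely work, as my whole HA setup, including my Zigbee coordinator and Wi-Fi-connected IoT, runs on a dedicated subnet different from "regular" devices, computers, phones etc.).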

I worked around it by connecting to my secure outside-world URL; however, it would be great to keep the communication local.

kerem closed this issue 2026-03-03 16:43:13 +03:00
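
The two keys named in the report differ widely in scope. The following is an added example, not code from the itsyhome-macos project and not a description of what build 229 changed: a review check that reads the `NSAppTransportSecurity` section of an `Info.plist` and grades each exception. The sample plists, the `ha.example` domain and the `audit_ats` name are constructed for illustration.

```python
import plistlib

# Constructed sample Info.plist contents (not taken from the app in this issue).
def _plist(ats):
    return plistlib.dumps({"NSAppTransportSecurity": ats})

BROAD = _plist({"NSAllowsArbitraryLoads": True})
SCOPED = _plist({"NSAllowsLocalNetworking": True})
MIXED = _plist({
    "NSAllowsArbitraryLoads": True,
    "NSAllowsLocalNetworking": True,
    "NSExceptionDomains": {
        "ha.example": {"NSExceptionAllowsInsecureHTTPLoads": True,
                       "NSIncludesSubdomains": True},
    },
})

# Apple documents that on iOS 10+ / macOS 10.12+ the presence of any of these
# narrower keys makes the system ignore NSAllowsArbitraryLoads.
NARROW_KEYS = ("NSAllowsLocalNetworking",
               "NSAllowsArbitraryLoadsForMedia",
               "NSAllowsArbitraryLoadsInWebContent")

def audit_ats(plist_bytes):
    """Return (severity, message) findings for the ATS section of an Info.plist."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads") is True:
        if any(key in ats for key in NARROW_KEYS):
            findings.append(("info", "NSAllowsArbitraryLoads is set but ignored "
                                     "because a narrower key is present"))
        else:
            findings.append(("high", "NSAllowsArbitraryLoads disables ATS for every host"))
    if ats.get("NSAllowsLocalNetworking") is True:
        findings.append(("low", "NSAllowsLocalNetworking relaxes ATS for local loads only"))
    for domain, opts in ats.get("NSExceptionDomains", {}).items():
        if opts.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            scope = "and its subdomains" if opts.get("NSIncludesSubdomains") else "only"
            findings.append(("medium", f"cleartext HTTP allowed for {domain} {scope}"))
    return findings

if __name__ == "__main__":
    for name, sample in (("BROAD", BROAD), ("SCOPED", SCOPED), ("MIXED", MIXED)):
        print(name, audit_ats(sample))
```
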

@nickustinov commented on GitHub (Feb 23, 2026):

Hi! Could you please try installing build 229 from TF and let me know if the issue is fixed.


@nickustinov commented on GitHub (Feb 23, 2026):

https://testflight.apple.com/join/aMweYMF5


@TheWojtek commented on GitHub (Feb 24, 2026):

I am away (and without my computer) so will check it in March ;)


@nickustinov commented on GitHub (Feb 24, 2026):

To be released in 2.1.0


@TheWojtek commented on GitHub (Mar 2, 2026):

> To be released in 2.1.0

Confirmed working.
