From e87d392c2fade04e520e30604ee02a9d69b9a75a Mon Sep 17 00:00:00 2001 From: Mo Bitar Date: Mon, 18 Nov 2019 14:51:34 -0600 Subject: [PATCH 1/2] iOS HPKP --- .gitmodules | 3 + ios/StandardNotes.xcodeproj/project.pbxproj | 135 ++++++++++++++++++++ ios/StandardNotes/AppDelegate.m | 72 ++++++++--- package-lock.json | 2 +- vendor/TrustKit | 1 + 5 files changed, 197 insertions(+), 16 deletions(-) create mode 160000 vendor/TrustKit diff --git a/.gitmodules b/.gitmodules index 62d8fe56..54c67c77 100644 --- a/.gitmodules +++ b/.gitmodules @@ -28,3 +28,6 @@ [submodule "vendor/standard-notes-rn"] path = vendor/standard-notes-rn url = git@github.com:standardnotes/standard-notes-rn.git +[submodule "vendor/TrustKit"] + path = vendor/TrustKit + url = git@github.com:datatheorem/TrustKit.git diff --git a/ios/StandardNotes.xcodeproj/project.pbxproj b/ios/StandardNotes.xcodeproj/project.pbxproj index 146c6ced..c38084fd 100644 --- a/ios/StandardNotes.xcodeproj/project.pbxproj +++ b/ios/StandardNotes.xcodeproj/project.pbxproj @@ -56,6 +56,7 @@ CD399CE321E181C7006106AE /* Red.png in Resources */ = {isa = PBXBuildFile; fileRef = CD399CE021E181C6006106AE /* Red.png */; }; CD399CE421E181C7006106AE /* Red@3x.png in Resources */ = {isa = PBXBuildFile; fileRef = CD399CE121E181C7006106AE /* Red@3x.png */; }; CD399CE521E181C7006106AE /* Red@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = CD399CE221E181C7006106AE /* Red@2x.png */; }; + CD50B91C23832722003C261C /* TrustKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CD50B90C238325F4003C261C /* TrustKit.framework */; }; CD534871234FD44900FCD828 /* libSNReactNative.a in Frameworks */ = {isa = PBXBuildFile; fileRef = CD534870234FD43200FCD828 /* libSNReactNative.a */; }; CD743C792342ACC700535CC9 /* JavaScriptCore.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = ED297162215061F000B7C4FE /* JavaScriptCore.framework */; }; CD743CCE2342AD3F00535CC9 /* JavaScriptCore.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = ED297162215061F000B7C4FE /* JavaScriptCore.framework */; }; @@ -313,6 +314,62 @@ remoteGlobalIDString = 134814201AA4EA6300B7C361; remoteInfo = RNStoreReview; }; + CD50B90B238325F4003C261C /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = CD50B8C7238325F4003C261C /* TrustKit.xcodeproj */; + proxyType = 2; + remoteGlobalIDString = 8C8480471A896EE30017C155; + remoteInfo = TrustKit; + }; + CD50B90D238325F4003C261C /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = CD50B8C7238325F4003C261C /* TrustKit.xcodeproj */; + proxyType = 2; + remoteGlobalIDString = 8C8716961B23A91D00267E1D; + remoteInfo = TrustKit_Static; + }; + CD50B90F238325F4003C261C /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = CD50B8C7238325F4003C261C /* TrustKit.xcodeproj */; + proxyType = 2; + remoteGlobalIDString = 8C8480521A896EE30017C155; + remoteInfo = TrustKitTests; + }; + CD50B911238325F4003C261C /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = CD50B8C7238325F4003C261C /* TrustKit.xcodeproj */; + proxyType = 2; + remoteGlobalIDString = 8CA6CBFD1BAE2ADD00BDA419; + remoteInfo = "TrustKit OS X"; + }; + CD50B913238325F4003C261C /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = CD50B8C7238325F4003C261C /* TrustKit.xcodeproj */; + proxyType = 2; + remoteGlobalIDString = 8CA6CC061BAE2ADD00BDA419; + remoteInfo = "TrustKit OS XTests"; + }; + CD50B915238325F4003C261C /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = CD50B8C7238325F4003C261C /* TrustKit.xcodeproj */; + proxyType = 2; + remoteGlobalIDString = 8C84CBB21D6E0981009B3E7D; + remoteInfo = "TrustKit tvOS"; + }; + CD50B917238325F4003C261C /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = CD50B8C7238325F4003C261C /* TrustKit.xcodeproj */; + proxyType = 2; + remoteGlobalIDString = 8C84CBDD1D6E1718009B3E7D; + remoteInfo = "TrustKit tvOS Tests"; + }; + CD50B919238325F4003C261C /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = CD50B8C7238325F4003C261C /* TrustKit.xcodeproj */; + proxyType = 2; + remoteGlobalIDString = 8CC5D24E1D6E64D10074F515; + remoteInfo = "TrustKit watchOS"; + }; CD53486F234FD43200FCD828 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = CD534835234FD43200FCD828 /* SNReactNative.xcodeproj */; @@ -549,6 +606,7 @@ CD399CE021E181C6006106AE /* Red.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = Red.png; sourceTree = ""; }; CD399CE121E181C7006106AE /* Red@3x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "Red@3x.png"; sourceTree = ""; }; CD399CE221E181C7006106AE /* Red@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "Red@2x.png"; sourceTree = ""; }; + CD50B8C7238325F4003C261C /* TrustKit.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = TrustKit.xcodeproj; path = ../vendor/TrustKit/TrustKit.xcodeproj; sourceTree = ""; }; CD534835234FD43200FCD828 /* SNReactNative.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = SNReactNative.xcodeproj; path = "../vendor/standard-notes-rn/ios/SNReactNative.xcodeproj"; sourceTree = ""; }; CDB58A041F6C516B009EF868 /* RCTAes.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = RCTAes.xcodeproj; path = "../vendor/react-native-aes/ios/RCTAes.xcodeproj"; sourceTree = ""; }; CDB58A0A1F6C5174009EF868 /* ReactNativeFingerprintScanner.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = ReactNativeFingerprintScanner.xcodeproj; path = "../vendor/react-native-fingerprint-scanner/ios/ReactNativeFingerprintScanner.xcodeproj"; sourceTree = ""; }; @@ -578,6 +636,7 @@ isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( + CD50B91C23832722003C261C /* TrustKit.framework in Frameworks */, CD534871234FD44900FCD828 /* libSNReactNative.a in Frameworks */, ED297163215061F000B7C4FE /* JavaScriptCore.framework in Frameworks */, CD399CD021E16BD6006106AE /* libReactNativeAlternateIcons.a in Frameworks */, @@ -801,6 +860,7 @@ 832341AE1AAA6A7D00B99B32 /* Libraries */ = { isa = PBXGroup; children = ( + CD50B8C7238325F4003C261C /* TrustKit.xcodeproj */, CD534835234FD43200FCD828 /* SNReactNative.xcodeproj */, CD399C9921E16BCC006106AE /* ReactNativeAlternateIcons.xcodeproj */, CD17664C1F795AE500165C83 /* SNTextView.xcodeproj */, @@ -909,6 +969,21 @@ name = Products; sourceTree = ""; }; + CD50B8C8238325F4003C261C /* Products */ = { + isa = PBXGroup; + children = ( + CD50B90C238325F4003C261C /* TrustKit.framework */, + CD50B90E238325F4003C261C /* libTrustKit_Static.a */, + CD50B910238325F4003C261C /* TrustKitTests.xctest */, + CD50B912238325F4003C261C /* TrustKit.framework */, + CD50B914238325F4003C261C /* TrustKit OS XTests.xctest */, + CD50B916238325F4003C261C /* TrustKit.framework */, + CD50B918238325F4003C261C /* TrustKit tvOS Tests.xctest */, + CD50B91A238325F4003C261C /* TrustKit.framework */, + ); + name = Products; + sourceTree = ""; + }; CD534836234FD43200FCD828 /* Products */ = { isa = PBXGroup; children = ( @@ -1261,6 +1336,10 @@ ProductGroup = CD17664D1F795AE500165C83 /* Products */; ProjectRef = CD17664C1F795AE500165C83 /* SNTextView.xcodeproj */; }, + { + ProductGroup = CD50B8C8238325F4003C261C /* Products */; + ProjectRef = CD50B8C7238325F4003C261C /* TrustKit.xcodeproj */; + }, ); projectRoot = ""; targets = ( @@ -1504,6 +1583,62 @@ remoteRef = CD4D91841F7BE11800080678 /* PBXContainerItemProxy */; sourceTree = BUILT_PRODUCTS_DIR; }; + CD50B90C238325F4003C261C /* TrustKit.framework */ = { + isa = PBXReferenceProxy; + fileType = wrapper.framework; + path = TrustKit.framework; + remoteRef = CD50B90B238325F4003C261C /* PBXContainerItemProxy */; + sourceTree = BUILT_PRODUCTS_DIR; + }; + CD50B90E238325F4003C261C /* libTrustKit_Static.a */ = { + isa = PBXReferenceProxy; + fileType = archive.ar; + path = libTrustKit_Static.a; + remoteRef = CD50B90D238325F4003C261C /* PBXContainerItemProxy */; + sourceTree = BUILT_PRODUCTS_DIR; + }; + CD50B910238325F4003C261C /* TrustKitTests.xctest */ = { + isa = PBXReferenceProxy; + fileType = wrapper.cfbundle; + path = TrustKitTests.xctest; + remoteRef = CD50B90F238325F4003C261C /* PBXContainerItemProxy */; + sourceTree = BUILT_PRODUCTS_DIR; + }; + CD50B912238325F4003C261C /* TrustKit.framework */ = { + isa = PBXReferenceProxy; + fileType = wrapper.framework; + path = TrustKit.framework; + remoteRef = CD50B911238325F4003C261C /* PBXContainerItemProxy */; + sourceTree = BUILT_PRODUCTS_DIR; + }; + CD50B914238325F4003C261C /* TrustKit OS XTests.xctest */ = { + isa = PBXReferenceProxy; + fileType = wrapper.cfbundle; + path = "TrustKit OS XTests.xctest"; + remoteRef = CD50B913238325F4003C261C /* PBXContainerItemProxy */; + sourceTree = BUILT_PRODUCTS_DIR; + }; + CD50B916238325F4003C261C /* TrustKit.framework */ = { + isa = PBXReferenceProxy; + fileType = wrapper.framework; + path = TrustKit.framework; + remoteRef = CD50B915238325F4003C261C /* PBXContainerItemProxy */; + sourceTree = BUILT_PRODUCTS_DIR; + }; + CD50B918238325F4003C261C /* TrustKit tvOS Tests.xctest */ = { + isa = PBXReferenceProxy; + fileType = wrapper.cfbundle; + path = "TrustKit tvOS Tests.xctest"; + remoteRef = CD50B917238325F4003C261C /* PBXContainerItemProxy */; + sourceTree = BUILT_PRODUCTS_DIR; + }; + CD50B91A238325F4003C261C /* TrustKit.framework */ = { + isa = PBXReferenceProxy; + fileType = wrapper.framework; + path = TrustKit.framework; + remoteRef = CD50B919238325F4003C261C /* PBXContainerItemProxy */; + sourceTree = BUILT_PRODUCTS_DIR; + }; CD534870234FD43200FCD828 /* libSNReactNative.a */ = { isa = PBXReferenceProxy; fileType = archive.ar; diff --git a/ios/StandardNotes/AppDelegate.m b/ios/StandardNotes/AppDelegate.m index 43a24ba5..544534fa 100644 --- a/ios/StandardNotes/AppDelegate.m +++ b/ios/StandardNotes/AppDelegate.m @@ -4,18 +4,42 @@ #import #import #import +#import @implementation AppDelegate - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions { + [BugsnagReactNative start]; + + [self disableUrlCache]; + + [self configurePinning]; + + [self clearWebEditorCache]; + + RCTBridge *bridge = [[RCTBridge alloc] initWithDelegate:self launchOptions:launchOptions]; + RCTRootView *rootView = [[RCTRootView alloc] initWithBridge:bridge moduleName:@"StandardNotes" initialProperties:nil]; + + rootView.backgroundColor = [[UIColor alloc] initWithRed:1.0f green:1.0f blue:1.0f alpha:1]; + + self.window = [[UIWindow alloc] initWithFrame:[UIScreen mainScreen].bounds]; + UIViewController *rootViewController = [UIViewController new]; + rootViewController.view = rootView; + self.window.rootViewController = rootViewController; + [self.window makeKeyAndVisible]; + + return YES; +} + +- (void)disableUrlCache { // Disable NSURLCache for general network requests. Caches are not protected by NSFileProtectionComplete. // Disabling, or implementing a custom subclass are only two solutions. https://stackoverflow.com/questions/27933387/nsurlcache-and-data-protection NSURLCache *sharedCache = [[NSURLCache alloc] initWithMemoryCapacity:0 diskCapacity:0 diskPath:nil]; [NSURLCache setSharedURLCache:sharedCache]; - - [BugsnagReactNative start]; +} +- (void)clearWebEditorCache { // Clear web editor cache after every app update NSString *lastVersionClearKey = @"lastVersionClearKey"; NSString *lastVersionClear = [[NSUserDefaults standardUserDefaults] objectForKey:lastVersionClearKey]; @@ -31,20 +55,38 @@ - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:( [[NSUserDefaults standardUserDefaults] setObject:currentVersion forKey:lastVersionClearKey]; } - - - RCTBridge *bridge = [[RCTBridge alloc] initWithDelegate:self launchOptions:launchOptions]; - RCTRootView *rootView = [[RCTRootView alloc] initWithBridge:bridge moduleName:@"StandardNotes" initialProperties:nil]; - - rootView.backgroundColor = [[UIColor alloc] initWithRed:1.0f green:1.0f blue:1.0f alpha:1]; - - self.window = [[UIWindow alloc] initWithFrame:[UIScreen mainScreen].bounds]; - UIViewController *rootViewController = [UIViewController new]; - rootViewController.view = rootView; - self.window.rootViewController = rootViewController; - [self.window makeKeyAndVisible]; +} - return YES; +- (void)configurePinning { + NSDictionary *trustKitConfig = + @{ + kTSKSwizzleNetworkDelegates: @YES, + + // The list of domains we want to pin and their configuration + kTSKPinnedDomains: @{ + @"sync.standardnotes.org" : @{ + kTSKIncludeSubdomains:@YES, + + // Do not block connections if pinning validation failed so the App doesn't break + kTSKEnforcePinning:@NO, + + // Send reports for pin validation failures so we can track them + kTSKReportUris: @[@"https://standard.report-uri.com/r/d/csp/reportOnly"], + + // The pinned public keys' Subject Public Key Info hashes + kTSKPublicKeyHashes : @[ + @"C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M=", + @"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=", + @"sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis=", + @"++MBgDH5WGvL9Bcn5Be30cRcL0f5O+NyoXuWtQdX1aI=", + @"f0KW/FtqTjs108NpYj42SrGvOB2PpxIVM8nWxjPqJGE=", + @"NqvDJlas/GRcYbcWE8S/IceH9cq77kg0jVhZeAPXq8k=", + @"9+ze1cZgR9KO1kZrVDxA4HQ6voHRCSVNz4RdTCx4U8U=" + ], + }, + } + }; + [TrustKit initSharedInstanceWithConfiguration:trustKitConfig]; } - (NSURL *)sourceURLForBridge:(RCTBridge *)bridge diff --git a/package-lock.json b/package-lock.json index f0ec1be5..dfbad656 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "StandardNotes", - "version": "3.0.14", + "version": "3.0.16", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/vendor/TrustKit b/vendor/TrustKit new file mode 160000 index 00000000..fdf7aa91 --- /dev/null +++ b/vendor/TrustKit @@ -0,0 +1 @@ +Subproject commit fdf7aa91a91d1c09f51c3303e811d6d523f55bf1 From 6beb3846d394b3a5152e580b1749088e9d5289c7 Mon Sep 17 00:00:00 2001 From: Mo Bitar Date: Mon, 18 Nov 2019 15:31:06 -0600 Subject: [PATCH 2/2] Android HPKP --- .../standardnotes/CustomClientFactory.java | 32 +++++++++++++++++++ .../com/standardnotes/MainApplication.java | 8 +++++ ios/StandardNotes.xcodeproj/project.pbxproj | 20 ++++++++++-- ios/StandardNotes/AppDelegate.m | 12 +++---- 4 files changed, 64 insertions(+), 8 deletions(-) create mode 100644 android/app/src/main/java/com/standardnotes/CustomClientFactory.java diff --git a/android/app/src/main/java/com/standardnotes/CustomClientFactory.java b/android/app/src/main/java/com/standardnotes/CustomClientFactory.java new file mode 100644 index 00000000..f4373384 --- /dev/null +++ b/android/app/src/main/java/com/standardnotes/CustomClientFactory.java @@ -0,0 +1,32 @@ +package com.standardnotes; + +import com.facebook.react.modules.network.OkHttpClientFactory; +import com.facebook.react.modules.network.OkHttpClientProvider; +import com.facebook.react.modules.network.ReactCookieJarContainer; +import java.util.concurrent.TimeUnit; +import okhttp3.CertificatePinner; +import okhttp3.OkHttpClient; + +public class CustomClientFactory implements OkHttpClientFactory { + private static String hostname = "*.standardnotes.org"; + @Override + public OkHttpClient createNewNetworkModuleClient() { + CertificatePinner certificatePinner = new CertificatePinner.Builder() + .add(hostname, "sha256/Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys=") + .add(hostname, "sha256/C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M=") + .add(hostname, "sha256/YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=") + .add(hostname, "sha256/sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis=") + .add(hostname, "sha256/++MBgDH5WGvL9Bcn5Be30cRcL0f5O+NyoXuWtQdX1aI=") + .add(hostname, "sha256/f0KW/FtqTjs108NpYj42SrGvOB2PpxIVM8nWxjPqJGE=") + .add(hostname, "sha256/NqvDJlas/GRcYbcWE8S/IceH9cq77kg0jVhZeAPXq8k=") + .add(hostname, "sha256/9+ze1cZgR9KO1kZrVDxA4HQ6voHRCSVNz4RdTCx4U8U=") + .build(); + OkHttpClient.Builder client = new OkHttpClient.Builder() + .connectTimeout(0, TimeUnit.MILLISECONDS) + .readTimeout(0, TimeUnit.MILLISECONDS) + .writeTimeout(0, TimeUnit.MILLISECONDS) + .cookieJar(new ReactCookieJarContainer()) + .certificatePinner(certificatePinner); + return OkHttpClientProvider.enableTls12OnPreLollipop(client).build(); + } +} \ No newline at end of file diff --git a/android/app/src/main/java/com/standardnotes/MainApplication.java b/android/app/src/main/java/com/standardnotes/MainApplication.java index 5830bf40..119284a8 100644 --- a/android/app/src/main/java/com/standardnotes/MainApplication.java +++ b/android/app/src/main/java/com/standardnotes/MainApplication.java @@ -1,5 +1,7 @@ package com.standardnotes; +import com.facebook.react.modules.network.OkHttpClientProvider; + import android.app.Application; import android.app.Activity; import android.content.Intent; @@ -81,6 +83,8 @@ public ReactNativeHost getReactNativeHost() { public void onCreate() { super.onCreate(); + rebuildOkHtttp(); + SoLoader.init(this, /* native exopackage */ false); registerActivityLifecycleCallbacks(new ActivityLifecycleCallbacks() { @@ -124,4 +128,8 @@ public void onActivityDestroyed(Activity activity) { BugsnagReactNative.start(this); } } + + private void rebuildOkHtttp() { + OkHttpClientProvider.setOkHttpClientFactory(new CustomClientFactory()); + } } diff --git a/ios/StandardNotes.xcodeproj/project.pbxproj b/ios/StandardNotes.xcodeproj/project.pbxproj index c38084fd..d2055289 100644 --- a/ios/StandardNotes.xcodeproj/project.pbxproj +++ b/ios/StandardNotes.xcodeproj/project.pbxproj @@ -56,7 +56,8 @@ CD399CE321E181C7006106AE /* Red.png in Resources */ = {isa = PBXBuildFile; fileRef = CD399CE021E181C6006106AE /* Red.png */; }; CD399CE421E181C7006106AE /* Red@3x.png in Resources */ = {isa = PBXBuildFile; fileRef = CD399CE121E181C7006106AE /* Red@3x.png */; }; CD399CE521E181C7006106AE /* Red@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = CD399CE221E181C7006106AE /* Red@2x.png */; }; - CD50B91C23832722003C261C /* TrustKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CD50B90C238325F4003C261C /* TrustKit.framework */; }; + CD50BA5D238346A9003C261C /* TrustKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CD50B90C238325F4003C261C /* TrustKit.framework */; }; + CD50BA5E238346AA003C261C /* TrustKit.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = CD50B90C238325F4003C261C /* TrustKit.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; CD534871234FD44900FCD828 /* libSNReactNative.a in Frameworks */ = {isa = PBXBuildFile; fileRef = CD534870234FD43200FCD828 /* libSNReactNative.a */; }; CD743C792342ACC700535CC9 /* JavaScriptCore.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = ED297162215061F000B7C4FE /* JavaScriptCore.framework */; }; CD743CCE2342AD3F00535CC9 /* JavaScriptCore.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = ED297162215061F000B7C4FE /* JavaScriptCore.framework */; }; @@ -547,6 +548,20 @@ }; /* End PBXContainerItemProxy section */ +/* Begin PBXCopyFilesBuildPhase section */ + CD50BA5F238346AA003C261C /* Embed Frameworks */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = ""; + dstSubfolderSpec = 10; + files = ( + CD50BA5E238346AA003C261C /* TrustKit.framework in Embed Frameworks */, + ); + name = "Embed Frameworks"; + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXCopyFilesBuildPhase section */ + /* Begin PBXFileReference section */ 00457F9447544666906F6C53 /* Zocial.ttf */ = {isa = PBXFileReference; explicitFileType = undefined; fileEncoding = 9; includeInIndex = 0; lastKnownFileType = unknown; name = Zocial.ttf; path = "../node_modules/react-native-vector-icons/Fonts/Zocial.ttf"; sourceTree = ""; }; 008F07F21AC5B25A0029DE68 /* main.jsbundle */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = main.jsbundle; sourceTree = ""; }; @@ -636,7 +651,6 @@ isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( - CD50B91C23832722003C261C /* TrustKit.framework in Frameworks */, CD534871234FD44900FCD828 /* libSNReactNative.a in Frameworks */, ED297163215061F000B7C4FE /* JavaScriptCore.framework in Frameworks */, CD399CD021E16BD6006106AE /* libReactNativeAlternateIcons.a in Frameworks */, @@ -650,6 +664,7 @@ 5E9157361DD0AC6A00FF2AA8 /* libRCTAnimation.a in Frameworks */, 00C302E51ABCBA2D00DB3ED1 /* libRCTActionSheet.a in Frameworks */, 00C302E71ABCBA2D00DB3ED1 /* libRCTGeolocation.a in Frameworks */, + CD50BA5D238346A9003C261C /* TrustKit.framework in Frameworks */, 00C302E81ABCBA2D00DB3ED1 /* libRCTImage.a in Frameworks */, 133E29F31AD74F7200F7D852 /* libRCTLinking.a in Frameworks */, 00C302E91ABCBA2D00DB3ED1 /* libRCTNetwork.a in Frameworks */, @@ -1131,6 +1146,7 @@ 13B07F8C1A680F5B00A75B9A /* Frameworks */, 13B07F8E1A680F5B00A75B9A /* Resources */, 00DD1BFF1BD5951E006B06BC /* Bundle React Native code and images */, + CD50BA5F238346AA003C261C /* Embed Frameworks */, ); buildRules = ( ); diff --git a/ios/StandardNotes/AppDelegate.m b/ios/StandardNotes/AppDelegate.m index 544534fa..3fbb9ba8 100644 --- a/ios/StandardNotes/AppDelegate.m +++ b/ios/StandardNotes/AppDelegate.m @@ -12,10 +12,10 @@ - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:( { [BugsnagReactNative start]; - [self disableUrlCache]; - [self configurePinning]; + [self disableUrlCache]; + [self clearWebEditorCache]; RCTBridge *bridge = [[RCTBridge alloc] initWithDelegate:self launchOptions:launchOptions]; @@ -64,17 +64,17 @@ - (void)configurePinning { // The list of domains we want to pin and their configuration kTSKPinnedDomains: @{ - @"sync.standardnotes.org" : @{ + @"standardnotes.org" : @{ kTSKIncludeSubdomains:@YES, - // Do not block connections if pinning validation failed so the App doesn't break - kTSKEnforcePinning:@NO, + kTSKEnforcePinning:@YES, // Send reports for pin validation failures so we can track them - kTSKReportUris: @[@"https://standard.report-uri.com/r/d/csp/reportOnly"], + kTSKReportUris: @[@"https://standard.report-uri.com/r/d/hpkp/reportOnly"], // The pinned public keys' Subject Public Key Info hashes kTSKPublicKeyHashes : @[ + @"Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys=", @"C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M=", @"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=", @"sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis=",