Universal Links not working on an iOS 14 device with the associated website behind a VPN

Prior to iOS 14 our Dev server was routing universal links to our test devices just fine from both Xcode and TestFlight builds. But now that we've started testing on iOS 14 devices the links aren't being handled any more.

After doing some research we noticed the new configuration regarding Associated Domains for web servers that aren't reachable from the public internet.

https://developer.apple.com/documentation/safariservices/supporting_associated_domains

Starting with macOS 11 and iOS 14, apps no longer send requests for apple-app-site-association files directly to your web server. Instead, they send these requests to an Apple-managed content delivery network (CDN) dedicated to associated domains.

While you’re developing your app, if your web server is unreachable from the public internet, you can use the alternate mode feature to bypass the CDN and connect directly to your private domain.

You enable an alternate mode by adding a query string to your associated domain’s entitlement as follows:
<service>:<fully qualified domain>?mode=<alternate mode>


Given our Dev server is only reachable via a VPN we changed our project config to use the alternate mode: 
Code Block 
 	<key>com.apple.developer.associated-domains</key>
 	<array>
 		<string>webcredentials:ourDevServerURL?mode=developer</string>
		<string>applinks:ourDevServerURL?mode=developer</string>
 	</array>


But unfortunately that still doesn't work and in the console we can see the following swcd logs being generated after a fresh app install.
Code Block 
debug	com.apple.swc	11:45:19.016561-0600	swcd	entry	Skipping domain si….va….com?mode=developer because developer mode is disabled

So what else do we need to get developer mode working for these app links?
Post not yet marked as solved Up vote post of AppsByC Down vote post of AppsByC
22k views
Posted by
AppsByC
Reply
Add a Comment

Replies

I have same problem can any ones have answers for this issue ?
Posted by
viennv
Up vote reply of viennv Down vote reply of viennv

  • Delete the app & reinstall it again?

    sadfadsf
Add a Comment
I'm facing same issue , Please let me know if you have any update on the problem. I did everything like in the https://developer.apple.com/documentation/safariservices/supporting_associated_domains
Posted by
fahad_sephora
Up vote reply of fahad_sephora Down vote reply of fahad_sephora
Add a Comment
I have similar problem, the web server is only available from one country, so Apple's servers may not be able to see it.
Posted by
kenikori
Post not yet marked as solved Up vote reply of kenikori Down vote reply of kenikori
Add a Comment
There is an option for this that needs to be toggled in the developer settings on the device. Try toggling it to allow developer mode.
Posted by
PowerCode
Post not yet marked as solved Up vote reply of PowerCode Down vote reply of PowerCode
Add a Comment
Given the hint by @PowerCode, I enabled the Associated Domains Development setting which can be found in the iOS 14 device Settings -> Developer view. This allows builds deployed via Xcode to handle deeplinks so we're moving the bar.

But the deeplinks for a TestFlight build still don't work and the console is now showing a different error when I filter for the swcd process. 

Code Block 
debug	com.apple.swc	13:20:22.627834-0600	swcd	domain	Domain si….va….com?mode=developer encompasses si….va….com
debug	com.apple.swc	13:20:22.628726-0600	swcd	manager	Found entry { s = applinks, a = <app id>, d = si….va….com?mode=developer, ua = unspecified, sa = unspecified } matching inputs { s = applinks, a = (null), d = si….va….com }
debug	com.apple.swc	13:20:22.628796-0600	swcd	manager	Entry { s = applinks, a = <app id>, d = si….va….com?mode=developer, ua = unspecified, sa = unspecified } did not have any patterns to match against

So one step closer but we're not there yet. Any further hints would be appreciated...
Posted by
AppsByC
Post not yet marked as solved Up vote reply of AppsByC Down vote reply of AppsByC
Add a Comment
Any updates on this issue? We are having the same problem with our dev server. From the swcd logs there are no errors whatsoever and the developer mode is turned on as well.
Posted by
Duci
Post not yet marked as solved Up vote reply of Duci Down vote reply of Duci
Add a Comment
Dears,

We are also facing this issue on our banking acceptance webservers, one possibility would be to obtain apple CDN ip ranges (we are allowed to whitelist some of them our side). Any help is welcomed

Kr,

Daniel
Féduniak
Posted by
feduniakdaniel
Up vote reply of feduniakdaniel Down vote reply of feduniakdaniel
Add a Comment
anyone has a fix on this?
Posted by
arnoldc
Up vote reply of arnoldc Down vote reply of arnoldc
Add a Comment
Still no solution? IT Security is bugging me because they need an IP (range) to whitelist the request from the Apple CDN.

Does anyone know at what moment the CDN will request for the configuration file and at which interval will it do request to update the configuration? Will the configuration in the CDN be invalidated if a refresh fails?
Posted by
niels_schneider
Up vote reply of niels_schneider Down vote reply of niels_schneider

  • Would whitelisting cdn-apple.com work?

    lmaxwell
Add a Comment
Make sure you enable Associated Domains Development on Developer menu in iOS Settings.
Posted by
arashredeye
Post not yet marked as solved Up vote reply of arashredeye Down vote reply of arashredeye

  • thank you this worked for me

    MateuszW93
Add a Comment
in my side I already added associated domains on this still no luck.

can anyone from apple devs ,add comments regarding this?
Posted by
arnoldc
Up vote reply of arnoldc Down vote reply of arnoldc
Add a Comment
I have similar problem, and I found the reason why.
In this page:
https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_associated-domains

They said:

only apps signed with a development profile can use developer mode, and users must opt in on any device they use.

So you must use development provisioning profile, or make association file public.
I suspect that you are using AdHoc profile or InHouse profile for TestFlight deployment so that testers can use it. It is same situation to me.
(Eventually, we are trying to solve with making only the association file public)
Posted by
sunagae
Up vote reply of sunagae Down vote reply of sunagae
Add a Comment
And what about testing on the simulator? I would like to access the dev environment (only accesible via VPN) App-association file, but it does not work. How can I enable the Associated Domains Development on the simulator?
I understand the app is not signed then... So is this meant to work? it doesn't :)
Posted by
adrianaOrmaetxea
Post not yet marked as solved Up vote reply of adrianaOrmaetxea Down vote reply of adrianaOrmaetxea
Add a Comment