iOS Message Filter Extension - deferQueryRequestToNetwork(completion:) error
I made a test app using the iOS App template and added a target using the Message Filter Extension template which invokes deferQueryRequestToNetwork(completion:) when receiving an SMS.
The app and the extension have same "Associated Domains Capabilities" with "messagefilter" pointing to a server which receives query requests and returns proper responses. The extension has the "ILMessageFilterExtensionNetworkURL" key in Info.plist file which specifies the server URL.
deferQueryRequestToNetwork(completion:) throws a com.apple.calls.messagefilter error which reads "Extension's containing app (appID <private>) unauthorized to defer requests to host <private>"
Hi,
Your main app should have messagefilter associated domains and your main app bundle id should be inside apple-app-site-association file. You also should ensure your AASA is installed correctly.
Here are some debugging tips:
- Plug a device into your Mac and open the Console App.
- Download the app to device while monitoring the logs on the Console App.
- Check for a line similar to swcd(CoreUtils)[3253] <Notice>: Added service 'applinks', appID ‘***', domain ‘***’ (you can filter the logs with “swcd”)
Check for any errors that may be occurring in the logs.
Additionally, here is a checklist I use when implementing Universal Links :
• Check your entitlements and ensure associated domains is present
• Check your domains and ensure that apple association website is downloadable via HTTP and HTTPS
• Check your App ID in asocial file and compare it to your entitlements
• Check that your app ID prefixes match
• Your .well-known takes precedence, if it is outdated Universal Links won’t work
• Ensure your SSL cert validation passes
• Redirects are not allowed
Please note that redirects aren't compatible with Universal Links. This is a common reason why Universal Links do not work.
Swcutil is your friend
• Universal like are services app links showing swcutil_show.txt
• User approval requires banner or long press on link
• Updates to download latest file takes up to a week
• Patterns determine eligible paths, exclude : true will always open in safari
• Substitution variables TSIs are rare but they should work in pattern matching
• Patterns must go in order, usually you want expulsions first
• AASA files have size caps as well
• Denial messages are from the CDN in Site/Fmwk Approval
• Team based code signing is best for ensuring proper Ids are setup
• Type of asssociated domains must be included ie “applinks:google.com”, not just “google.com”
applinks: webcredentials: etc
• Check that the app identifiers match
AASA updates happen when the app is first installed, but not on version updates. The system will check approximately once a week for an updated AASA.
Read more here:
https://developer.apple.com/documentation/xcode/supporting-associated-domains
If you are iterating at a fast pace, you can use developer mode, and directly pull the AASA from their web server.
To trigger a download you still need to delete the app and reinstall via Xcode (TF and App Store do not work for developer mode.)
If they trigger a sysdiagnose, in the swcutil_show.txt file they can look for their domain and find information about when the "last check" was, and when the next check will be.
Hopefully this helps.
Rico
WWDR | DTS | Software Engineer