fix(ios): Enable HTTP connections to local networks including Tailscale #325
+5
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add NSAllowsLocalNetworking to iOS App Transport Security configuration. This allows the Happy iOS app to make HTTP connections to: - RFC1918 private IP ranges (10.x.x.x, 172.16.x.x, 192.168.x.x) - Tailscale IPs (100.64.0.0/10 CGNAT range) - Other local network addresses Previously, iOS App Transport Security would block HTTP connections to these local network IPs, preventing users from connecting to self-hosted Happy Server instances over Tailscale or local networks. This change maintains security by keeping NSAllowsArbitraryLoads set to false, only allowing local networking while still requiring HTTPS for public internet connections. Fixes slopus#319
antoinekm
approved these changes
Jan 2, 2026
|
Sorry but this has been quoted as a fix for launching the CLI tool resulting in a 404. I don't believe this would fix that unless I am mistaken. The cli issue is connecting to the happy server? |
Would think so since my attempts to set up self hosted version fails due to this. Perhaps they have similar on their end. |
Author
|
thats my mistake - this fix was unrelated to the 404
…On Fri, Jan 2, 2026 at 2:16 PM Anton Moroz ***@***.***> wrote:
*AventusM* left a comment (slopus/happy#325)
<#325 (comment)>
Sorry but this has been quoted as a fix for launching the CLI tool
resulting in a 404. I don't believe this would fix that unless I am
mistaken. The cli issue is connecting to the happy server?
Would think so since my attempts to set up self hosted version fails due
to this. Perhaps they have similar on their end.
—
Reply to this email directly, view it on GitHub
<#325 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/A2FP2SXZHSKDNQTZYGOF2EL4EZVTNAVCNFSM6AAAAACQO3WPXKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTOMBVGMYDCNBQGY>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
Were you able to work around it? I encountered the same issue (self-hosted Happy server, connecting over tailscale), and when I encountered the error, I set it up to operate via SSH, to dodge the iOS ATS issue, but am still experiencing silent failures. It seems like the authentication links / qr codes are not respecting the custom server and directing straight to the Happy cloud version. |
Author
|
I actually landed up changing to https with tailscale. seems to be working
mostly fine. The occasional process unexpectedly quit.
…On Tue, Jan 6, 2026 at 7:16 AM Mikey Ward ***@***.***> wrote:
*mikeyward* left a comment (slopus/happy#325)
<#325 (comment)>
Were you able to work around it? I encountered the same issue (self-hosted
Happy server, connecting over tailscale), and when I encountered the error,
I set it up to operate via SSH, to dodge the iOS ATS issue, but am still
experiencing silent failures. It seems like the authentication links / qr
codes are not respecting the custom server and directing straight to the
Happy cloud version.
—
Reply to this email directly, view it on GitHub
<#325 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/A2FP2SUXQXC4OGI3ALO5YOD4FNHMTAVCNFSM6AAAAACQO3WPXKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTOMJTGI3TCNJSGY>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Problem
When using self-hosted Happy Server instances accessible via Tailscale or local networks, the iOS app fails to connect with "failed to connect" errors, even though the server is accessible in Safari and other browsers.
This occurs because iOS App Transport Security (ATS) blocks HTTP connections to local network IP addresses by default, including:
Solution
Add
NSAllowsLocalNetworking: trueto the iOS App Transport Security configuration inapp.config.js.This is the official Apple-recommended approach for apps that need to communicate with local network servers over HTTP.
Changes
NSAppTransportSecurityconfiguration with:NSAllowsLocalNetworking: true- Allows HTTP to local networksNSAllowsArbitraryLoads: false- Maintains security by still requiring HTTPS for public internetSecurity
This change maintains security by:
Testing
Tested with self-hosted Happy Server on:
Fixes #319