1 year ago

#355459


Dsibe

Electron app cannot open any web page when sandboxed

I have an application that consists of two parts: Python (the main app, which works as a server) and Electron ("helper" app, which works as a UI). I plan to submit it to the App Store, so it's sandboxed. Right now, I'm testing the sandboxed development-signed build, and I have a problem with it.

Some info about the entitlements and signing: The Python app is packaged with Py2App (I heard that it's the only possible way to package a Python app for the App Store). The Python app has com.apple.security.network.client, com.apple.security.network.server, and sandbox entitlements; I sign it using the Mac Development certificate. The Electron app is packaged with electron-builder and signed with electron-osx-sign (Mac Development certificate, as well). The Electron app has standard entitlements; I just added the sandbox and security.inherit to its entitlements. I have generated the development provision profile and embedded it into the app's bundle.

Yes, I know that this architecture is a bad choice for the macOS/App Store, I'm aware of it. The project is 99% done, and it's just easier for me to somehow overcome this issue, rather than rewriting everything from zero to Swift/Obj-C.

So, when the user clicks on the .APP, this is what happens: the Python app starts, it creates the server, and finally, launches the Electron. The problem begins here: the Electron successfully starts but fails to load the server's URL. I tried to open my server's URL in Chrome and everything works fine. So this problem is related to the Electron or maybe entitlements.

I also tried to load any other webpages, like google.com, and it still doesn't work; I get the exact same error. When I load the page (like calling the app.loadURL or changing the window.location.href), these messages get printed out in the Console:

    default 13:36:40.749975 +0200 trustd cert[2]: AnchorTrusted =(leaf)[force]> 0
    default 13:36:42.903489 +0200 symptomsd rssi (-49) or transmitRate (145.000000) changed on interface en1 for BSSID:b0:95:75:21:bc:d8
    default 13:36:50.909786 +0200 symptomsd rssi (-50) or transmitRate (145.000000) changed on interface en1 for BSSID:b0:95:75:21:bc:d8
    default 13:36:51.321708 +0200 trustd could not enable test hierarchy: no UAT pinning preferences set

I googled this "no UAT pinning preferences set" and didn't find anything useful. These messages are always the same; it doesn't matter if I try to open a localhost page or google.com. I also tried using "fetch" in the Electron's app console; it outputs this error:

    >>> await fetch("https://google.com")
    ---> VM123:1 GET https://google.com/ net::ERR_NAME_NOT_RESOLVED
    ---> VM123:2 Uncaught TypeError: Failed to fetch
    --->    at <anonymous>:1:7

I think that this issue is somehow related to the security.inherit entitlement. Maybe when I launch the Electron, Python's entitlements don't get passed to the Electron? So, Electron doesn't inherit the "com.apple.security.network.client" entitlement and has no right to load any web pages, am I right? If yes, then how should I properly launch the Electron?

Currently, I tried using the "open" command and an AppleScript, the error stays the same in any case. Here are the commands I used:

Open:

    open "MyPythonApp.app/Contents/MacOS/MyElectronApp.app"

AppleScript:

    osascript -e "tell application \"MyPythonApp.app/Contents/MacOS/MyElectronApp.app\" to activate"

I sign the Python app with these entitlements:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
     <key>CFBundleIdentifier</key>
     <string>com.abtco.myquickmaclite</string>
     <key>com.apple.security.app-sandbox</key>
     <true/>
     <key>com.apple.security.network.server</key>
     <true/>
     <key>com.apple.security.network.client</key>
     <true/>
     <key>com.apple.security.files.user-selected.read-write</key>
     <true/>
     <key>com.apple.security.files.downloads.read-write</key>
     <true/>
     <key>com.apple.security.assets.pictures.read-write</key>
     <true/>
     <key>com.apple.security.assets.music.read-write</key>
     <true/>
     <key>com.apple.security.assets.movies.read-write</key>
     <true/>
    </dict>
    </plist>

And the Electron app with these ones:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
      <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.inherit</key>
        <true/>
      </dict>
    </plist>

Mac Mini 2012 (macOS 10.13.6), Python 3.9.1, Electron 16.0.5

Thank you.

electron

code-signing

appstore-sandbox

entitlements

code-signing-entitlements
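
An added example, not part of the original post: a small Python check of the two entitlement files against Apple's documented rule that com.apple.security.inherit applies only to a child process the sandboxed app spawns itself (posix_spawn or NSTask) and must be paired only with com.apple.security.app-sandbox. The function names and the launcher list are assumptions of this example; the plists are abridged copies of the ones posted above.

```python
import plistlib

# Entitlements from the question, abridged (constructed copies for this example).
PARENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.security.app-sandbox</key><true/>
<key>com.apple.security.network.server</key><true/>
<key>com.apple.security.network.client</key><true/>
</dict></plist>"""
HELPER = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.security.app-sandbox</key><true/>
<key>com.apple.security.inherit</key><true/>
</dict></plist>"""

SANDBOX = "com.apple.security.app-sandbox"
INHERIT = "com.apple.security.inherit"
NET_CLIENT = "com.apple.security.network.client"
# Assumption: launchers that hand the bundle to Launch Services instead of spawning a child.
LAUNCH_SERVICES_TOOLS = {"open", "osascript"}


def enabled(plist_bytes):
    """Return the set of entitlement keys whose value is true."""
    return {k for k, v in plistlib.loads(plist_bytes).items() if v is True}


def check_helper(parent, helper, launch_argv):
    """Return findings for a sandboxed parent/helper pair and the launch command."""
    p, h = enabled(parent), enabled(helper)
    findings = []
    if SANDBOX not in p:
        findings.append("parent is not sandboxed; there is no sandbox to inherit")
    if INHERIT in h:
        extra = h - {SANDBOX, INHERIT}
        if SANDBOX not in h or extra:
            findings.append("inherit helper must declare exactly app-sandbox "
                            f"and inherit; other keys: {sorted(extra)}")
        tool = launch_argv[0].rsplit("/", 1)[-1]
        if tool in LAUNCH_SERVICES_TOOLS:
            findings.append(f"'{tool}' goes through Launch Services, so the helper "
                            "is not a child process and inherits no sandbox")
    elif NET_CLIENT not in h:
        findings.append("helper has neither inherit nor network.client")
    return findings
```
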

0 Answers
