App Transport Security issue in iOS 9 and iOS 10

Tags:

ios

Apple has announced that NSAllowsArbitraryLoads will not work soon. Therefore, in iOS 10, I have this in my Info.plist:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>myAPIdomain</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
    <key>NSAllowsArbitraryLoadsInWebContent</key>
    <true/>
</dict>

This works for my API requests and content in UIWebView. However, in iOS 9, NSAllowsArbitraryLoadsInWebContent is not supported and it is recommended to include NSAllowsArbitraryLoads for iOS 9 support. But I think this will override my NSExceptionDomains settings? How can I make HTTP requests for my API and UIWebView work on both iOS 9 and iOS 10 and still follow Apple's rule?

Edit

For supporting iOS 9 and iOS 10:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>myAPIdomain</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
    <key>NSAllowsArbitraryLoadsInWebContent</key>
    <true/>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

chengsam asked Oct 27 '16 09:10

1 Answer

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

You can use the above condition if you don't want to support HTTPS (TLS 1.2). But you have to make sure it will be a temporary fix. From early 2017, Apple makes HTTPS (TLS 1.2) mandatory.

Yogesh Mv answered Oct 10 '22 05:10
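
As an added example (not part of the original question or answer), this Python sketch reads the ATS dictionary from an Info.plist and reports which relaxations actually apply on iOS 9 versus iOS 10 and later. It relies on Apple's documented rule that iOS 10+ ignores NSAllowsArbitraryLoads when NSAllowsArbitraryLoadsInWebContent, NSAllowsArbitraryLoadsForMedia or NSAllowsLocalNetworking is present; the names `wrap` and `effective_ats` and the embedded sample plists are constructed for illustration.

```python
import plistlib

# On iOS 10+, NSAllowsArbitraryLoads is ignored if any of these keys is present.
SCOPED_KEYS = ("NSAllowsArbitraryLoadsInWebContent",
               "NSAllowsArbitraryLoadsForMedia", "NSAllowsLocalNetworking")

def wrap(ats_xml: bytes) -> bytes:
    """Wrap an ATS <dict> body in a minimal Info.plist (constructed sample)."""
    return (b'<?xml version="1.0" encoding="UTF-8"?><plist version="1.0"><dict>'
            b'<key>NSAppTransportSecurity</key><dict>' + ats_xml +
            b'</dict></dict></plist>')

# Constructed samples mirroring the question's edited plist and the answer's plist.
QUESTION_PLIST = wrap(
    b'<key>NSExceptionDomains</key><dict><key>myAPIdomain</key><dict>'
    b'<key>NSIncludesSubdomains</key><true/>'
    b'<key>NSExceptionAllowsInsecureHTTPLoads</key><true/></dict></dict>'
    b'<key>NSAllowsArbitraryLoadsInWebContent</key><true/>'
    b'<key>NSAllowsArbitraryLoads</key><true/>')
ANSWER_PLIST = wrap(b'<key>NSAllowsArbitraryLoads</key><true/>')

def effective_ats(info_plist: bytes, ios_major: int) -> dict:
    """Summarise which ATS relaxations actually apply on a given iOS major version."""
    ats = plistlib.loads(info_plist).get("NSAppTransportSecurity", {})
    # iOS 9 does not recognise the scoped keys, so they change nothing there.
    scoped = [k for k in SCOPED_KEYS if k in ats] if ios_major >= 10 else []
    return {
        "ats_disabled_globally": bool(ats.get("NSAllowsArbitraryLoads")) and not scoped,
        "web_content_exempt": ios_major >= 10
            and bool(ats.get("NSAllowsArbitraryLoadsInWebContent")),
        "insecure_http_domains": sorted(
            d for d, cfg in ats.get("NSExceptionDomains", {}).items()
            if cfg.get("NSExceptionAllowsInsecureHTTPLoads")),
    }

if __name__ == "__main__":
    for name, plist in (("question", QUESTION_PLIST), ("answer", ANSWER_PLIST)):
        for ios in (9, 10):
            print(name, "iOS", ios, effective_ats(plist, ios))
```

A result with `ats_disabled_globally` set to true on any supported OS version is the one to flag in review, because every connection the app makes then loses ATS enforcement, not only the listed exception domains.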