Menu
In iOS 9, Apple is blocking insecure HTTP connections for apps, unless specific hosts are whitelisted.
http://ste.vn/2015/06/10/configuring-app-transport-security-ios-9-osx-10-11/
Are WebView(s) exempt from these rules for obvious reasons, or are we still expected to whitelist hosts that a browser opens... including all links from a given page?
I wasn't sure if this was our responsibility or if that was exempt.
959
App Transport Security (ATS) is an iOS feature that forces mobile apps to connect to back-end servers using HTTPS, instead of HTTP, to encrypt data in transit. ATS enforces a minimum security level for communications between a mobile app and web services that support its functionality.
Apple will require that all iOS apps use HTTPS connections before 2017, increasing security and privacy for mobile users. The requirement comes through the enabling of ATS (App Transport Security), an iOS 9 feature that is currently not mandatory.
On Apple platforms, a networking feature called App Transport Security (ATS) improves privacy and data integrity for all apps and app extensions. ATS requires that all HTTP connections made with the URL Loading System—typically using the URLSession class—use HTTPS.
A Boolean value indicating whether App Transport Security restrictions are disabled for all network connections.
SFSafariViewController can show HTTP without the NSAppTransportSecurity key.
UIWebView and WKWebView require the NSAppTransportSecurity key mentioned above to display HTTP pages.
101
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
