Re: Implications of disabling ATS?
Re: Implications of disabling ATS?
- Subject: Re: Implications of disabling ATS?
- From: Kyle Sluder <email@hidden>
- Date: Fri, 02 Oct 2015 15:01:30 -0500
On Wed, Sep 30, 2015, at 03:45 PM, Mike Abdullah wrote:
>
> > On 30 Sep 2015, at 17:17, Jens Alfke <email@hidden> wrote:
> >
> >
> >> On Sep 30, 2015, at 7:06 AM, Alex Hall <email@hidden> wrote:
> >>
> >> However, before I go doing that, does anyone know of a better way? Are there security implications I'm overlooking? I don't know what users will do with this web view, and yes, some may log into sites or give other sensitive data. The primary use case is to look at articles, videos, etc that are tweeted, though, and to do that I can't have ATS blocking everything. I'm not sure what the best course is here. Thanks.
> >
> > You might want to use WKWebView instead, then, if all you need is a basic display of some Web content. Since it’s actually running in a separate process, your app won’t be the origin of the insecure HTTP loads, so you shouldn’t run into any issues with ATS.
>
> In my testing so far, WKWebView is subject to the same limits still of
> ATS.
But SFSafariViewController is not. And it's more powerful.
--Kyle Sluder
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden