Re: App Transport Security has blocked a cleartext HTTP for a local IP

  • Subject: Re: App Transport Security has blocked a cleartext HTTP for a local IP
  • From: James White <email@hidden>
  • Date: Fri, 16 Oct 2015 08:32:33 +0100

It's not necessarily a vulnerability. The purpose of ATS is to get people thinking about implementing SSL. Potentially Apple could make this mandatory in the future but you'll have plenty of notice.

Sent from my iThing

> On 16 Oct 2015, at 08:14, Devarshi Kulshreshtha <email@hidden> wrote:
>
> What happens if you only use this:
>
>>
>> <key>NSAllowsArbitraryLoads</key>
>> <true/>
>>
>> ??
>
> Then it works as expected, but that is not the preferred approach,
> because we are pointing to a local IP just for testing purposes. In future we
> will be pointing it to a public IP (probably https), and if we forget to
> update the Info.plist then it will be a security vulnerability, right?
>
>
>>
>>> On Oct 15, 2015, at 3:56 PM, Marek Hrušovský wrote:
>>>
>>> I read in some blog posts that iOS 9 GM did not support IP addresses for ATS.
>>> I do not know if this has changed.
>>>
>>> On Thu, Oct 15, 2015 at 9:06 PM, Devarshi Kulshreshtha <
>>> email@hidden> wrote:
>>>
>>>> Our web services are hosted on a local IP. To bypass App Transport
>>>> Security I added this dictionary for the NSAppTransportSecurity key in my
>>>> Info.plist file:
>>>>
>>>>
>>>> <dict>
>>>>     <key>NSAllowsArbitraryLoads</key>
>>>>     <false/>
>>>>     <key>NSExceptionDomains</key>
>>>>     <dict>
>>>>         <key>localhost</key>
>>>>         <dict>
>>>>             <key>NSExceptionAllowsInsecureHTTPLoads</key>
>>>>             <true/>
>>>>         </dict>
>>>>         <key>10.32.27.12</key>
>>>>         <dict>
>>>>             <key>NSExceptionAllowsInsecureHTTPLoads</key>
>>>>             <true/>
>>>>         </dict>
>>>>     </dict>
>>>> </dict>
>>>>
>>>> but for some reason I am still getting this error message:
>>>>
>>>> App Transport Security has blocked a cleartext HTTP (http://) resource load
>>>> since it is insecure. Temporary exceptions can be configured via your app's
>>>> Info.plist file
>>>>
>>>> Any ideas?
>>>>
>>>> --
>>>> Thanks,
>>>>
>>>> Devarshi
>>>> _______________________________________________
>>>>
>>>> Cocoa-dev mailing list (email@hidden)
>>>>
>>>> Please do not post admin requests or moderator comments to the list.
>>>> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
>>>>
>>>> Help/Unsubscribe/Update your Subscription:
>>>>
>>>> This email sent to email@hidden
>
>
> --
> Thanks,
>
> Devarshi



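The concern raised in the thread, a cleartext exception left in Info.plist once the backend moves to a public host, can be caught with a build-time check. The following is an added example, not code from any poster on the list: it parses an Info.plist and reports every ATS setting that permits cleartext HTTP. The function names, finding codes and sample plists (built from the two fragments quoted in the thread) are assumptions.

```python
import ipaddress
import plistlib

def wrap(ats_body: str) -> bytes:
    """Wrap an NSAppTransportSecurity <dict> fragment in a minimal Info.plist."""
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        '<plist version="1.0"><dict><key>NSAppTransportSecurity</key>'
        f"{ats_body}</dict></plist>"
    ).encode()

# Constructed samples built from the two fragments quoted in the thread.
PER_HOST = wrap(
    "<dict><key>NSAllowsArbitraryLoads</key><false/>"
    "<key>NSExceptionDomains</key><dict>"
    "<key>localhost</key><dict><key>NSExceptionAllowsInsecureHTTPLoads</key><true/></dict>"
    "<key>10.32.27.12</key><dict><key>NSExceptionAllowsInsecureHTTPLoads</key><true/></dict>"
    "</dict></dict>"
)
ARBITRARY = wrap("<dict><key>NSAllowsArbitraryLoads</key><true/></dict>")

def is_ip(host: str) -> bool:
    """True when an exception-domain key is an IP literal rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_ats(info_plist: bytes) -> list[tuple[str, str]]:
    """Return (code, detail) findings for ATS settings that permit cleartext HTTP."""
    ats = plistlib.loads(info_plist).get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append(("GLOBAL_CLEARTEXT", "NSAllowsArbitraryLoads is true"))
    for host, opts in ats.get("NSExceptionDomains", {}).items():
        if opts.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            findings.append(("HOST_CLEARTEXT", host))
        if is_ip(host):
            # The thread reports IP-address keys were not honoured by iOS 9 GM.
            findings.append(("IP_LITERAL_KEY", host))
    return findings

def release_gate(info_plist: bytes) -> bool:
    """True when the plist carries no cleartext exception and may ship."""
    return not audit_ats(info_plist)

if __name__ == "__main__":
    for name, sample in (("per-host", PER_HOST), ("arbitrary", ARBITRARY)):
        print(name, audit_ats(sample), "ship" if release_gate(sample) else "block")
```

Run against the release configuration's Info.plist, a non-empty result fails the build, so a test-only exception cannot ship unnoticed.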