Re: App Transport Security has blocked a cleartext HTTP for a local IP
Re: App Transport Security has blocked a cleartext HTTP for a local IP
- Subject: Re: App Transport Security has blocked a cleartext HTTP for a local IP
- From: James White <email@hidden>
- Date: Fri, 16 Oct 2015 08:32:33 +0100
It's not necessarily a vulnerability. The purpose of ATS is to get people thinking about implementing SSL. Potentially Apple could make this mandatory in the future but you'll have plenty of notice.
Sent from my iThing
> On 16 Oct 2015, at 08:14, Devarshi Kulshreshtha <email@hidden> wrote:
>
> What happens if you only use this:
>
>>
>> <key>NSAllowsArbitraryLoads</key>
>> <true/>
>>
>> ??
>
> Then it works as expected.. but that is not the preferred approach ..
> because we are pointing to local ip just for testing purpose, in future we
> will be pointing it to a public IP (probably https) and if we miss to
> update the info.plist then it will be security vulnerability.. right?
>
>
>>
>>> On Oct 15, 2015, at 3:56 PM, Marek Hrušovský wrote:
>>>
>>> I read on some blogposts that ios9 GM did not support IP addresses for
>> ATS.
>>> Do not know if this has changed.
>>>
>>> On Thu, Oct 15, 2015 at 9:06 PM, Devarshi Kulshreshtha <
>>> email@hidden> wrote:
>>>
>>>> Our webservices are hosted in some local IP, to bypass the App Transport
>>>> Security I added this as dictionary for NSAppTransportSecurity key in my
>>>> info.plist file:
>>>>
>>>>
>>>> <dict>
>>>> <key>NSAllowsArbitraryLoads</key>
>>>> <false/>
>>>> <key>NSExceptionDomains</key>
>>>> <dict>
>>>> <key>localhost</key>
>>>> <dict>
>>>> <key>NSExceptionAllowsInsecureHTTPLoads</key>
>>>> <true/>
>>>> </dict>
>>>> <key>10.32.27.12</key>
>>>> <dict>
>>>> <key>NSExceptionAllowsInsecureHTTPLoads</key>
>>>> <true/>
>>>> </dict>
>>>> </dict>
>>>> </dict>
>>>>
>>>> but for some reasons I am still getting this error message:
>>>>
>>>> App Transport Security has blocked a cleartext HTTP (http://) resource
>>>> load
>>>> since it is insecure. Temporary exceptions can be configured via your
>> app's
>>>> Info.plist file
>>>>
>>>> Any ideas?
>>>>
>>>> --
>>>> Thanks,
>>>>
>>>> Devarshi
>>>> _______________________________________________
>>>>
>>>> Cocoa-dev mailing list (email@hidden)
>>>>
>>>> Please do not post admin requests or moderator comments to the list.
>>>> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
>>>>
>>>> Help/Unsubscribe/Update your Subscription:
>>>>
>>>> This email sent to email@hidden
>>> _______________________________________________
>>>
>>> Cocoa-dev mailing list (email@hidden)
>>>
>>> Please do not post admin requests or moderator comments to the list.
>>> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
>>>
>>> Help/Unsubscribe/Update your Subscription:
>>>
>>> This email sent to email@hidden
>
>
> --
> Thanks,
>
> Devarshi
> _______________________________________________
>
> Cocoa-dev mailing list (email@hidden)
>
> Please do not post admin requests or moderator comments to the list.
> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
>
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden