Re: App Transport Security exceptions App Store signed app
Re: App Transport Security exceptions App Store signed app
- Subject: Re: App Transport Security exceptions App Store signed app
- From: Jens Alfke <email@hidden>
- Date: Tue, 26 Jan 2016 22:18:45 -0800
> On Jan 26, 2016, at 9:55 PM, Trygve Inda <email@hidden> wrote:
>
> NSTemporaryExceptionAllowsInsecureHTTPLoads
The “Temporary” in those names was only needed for the first iOS 9 beta. It might still be supported, but the official names do not have Temporary in them. See the official docs at
https://developer.apple.com/library/prerelease/ios/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW33
> Calls to http on my domain (xericdesign.com <http://xericdesign.com/>) work. Calls via http to my
> other domain (earthdeskcloudhost02.com <http://earthdeskcloudhost02.com/>) do not work.
I believe you’re using the wrong key. If you need non-SSL connections to work, the key you want is NSAllowsArbitraryLoads. The key you’re using is for situations where you make an SSL connection but the SSL server doesn’t meet ATS’s security requirements — e.g. its certificate is self-signed or expired.
Another useful article to read is
http://lithium3141.com/blog/2015/08/21/shipping-an-app-with-app-transport-security/
Also, have you looked into setting up HTTPS on those servers instead of working around its absence? Part of the reason Apple added ATS was to nudge app developers to make their network connections more secure, which will benefit users.
—Jens
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden