site_archiver@lists.apple.com Delivered-To: macnetworkprog@lists.apple.com

On Dec 4, 2017, at 3:44 PM, Daniel Jalkut <jalkut@red-sweater.com> wrote:

I’ve proactively configured ATS in my app so that domains I expect to always support HTTPS are required to use it. One of the domains I’ve configured in this way is “wordpress.com”.

I’m seeing a puzzling behavior in which an NSURLSession data task fails with -1022 (NSURLErrorAppTransportSecurityRequiresSecureConnection) when I try to load:

http://sweatershots.wordpress.com/

But succeeds when I try to load:

http://sweatertest.wordpress.com/

I can’t make any sense of it. The only thing to note about the failing URL are that it was a new subdomain just registered at WordPress.com today. The succeeding one is a URL that I have worked with from this app for a long time.

Does the ATS system provide some kind of courtesy grandfathering for specific subdomains? What else would explain this?

By the way, I am setting a cache policy to ignore local cache, so I don’t think it’s anything like that.

Daniel

There is an exception list for ATS in the Info.plist. Would sweatertest.wordpress.com <http://sweatertest.wordpress.com/> be listed there? Unless an http URL is in the exception list, it will always fail. (See NSExceptionDomains) https://developer.apple.com/library/content/documentation/General/Reference/... <https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW33> Tom _______________________________________________ Do not post admin requests to the list. They will be ignored. Macnetworkprog mailing list (Macnetworkprog@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/macnetworkprog/site_archiver%40lists... This email sent to site_archiver@lists.apple.com