![]() ![]() The error codes you see in the XCode device logs are the first place to check. Troubleshooting ATS-related issues can be difficult to do. For instance, you may need to modify ist to include downgrading TLS versions or disabling PFS options: NSExceptionAllowsInsecureHTTPLoads NSTemporaryExceptionMinimumTLSVersion 1.0 NSTemporaryExceptionRequiresForwardSecrecy Further Troubleshooting The results will show you whether default connections will fail, and whether using using older versions of Transport Layer Security (TLS) or disabling options such as Perfect Forward Secrecy (PFS) will resolve the issue. You can test out issues with App Transport Security by using the nscurl command: nscurl -ats-diagnostics Otherwise, you may break some functionality in the SDK that required the NSAllowsArbitraryLoads key by itself, since it may be relying on the effects of that key outside of web views, media playback, and/or local networking. However, users of multiple third-party SDKs should be careful: If any third-party SDK requests that you use the NSAllowsArbitraryLoads key by itself, then you can't include any of these more specific keys in your. This seems great, since many users of these special keys may only want exceptions for downloaded videos, user-controlled web browsing, advertisement browser redirects, or other use cases. Using any of these keys will effectively cancel out the blanket effects of the NSAllowsArbitraryLoads key on iOS 10+ devices. The Apple doc lists some valid reasons you can submit, just search for justification on the doc - if you're using third party SDKs, one valid reason is that your app "must connect to a server managed by another entity that does not support secure connections". The keys that require justification will trigger an App Store review. local domains, without disabling ATS for the rest of your app. Set this key’s value to YES to obtain exemption from ATS policies in your app’s web views ( WKWebViews and UIWebViews), without affecting the ATS-mandated security of your NSURLSession connections.Īn optional Boolean value that, when set to YES, removes App Transport Security protections for connections to unqualified domains and to. KeyĪn optional Boolean value that, when set to YES, disables all App Transport Security restrictions for media loaded using APIs from the AV Foundation framework. The Apple doc has more complete information on each key, if you need more information. ![]() Here's a quick table of what each key is used for. In iOS 10 and later, and macOS 10.12 and later, the value of is ignored-resulting in an effective value for this key of its default value of NO-if any of the following keys are present in your app’s ist file: Instead of using NSAllowsArbitraryLoads by itself, you can also now use a few keys that override this key's behavior. plist keys that can be used to narrow down the exceptions you include to ATS's strict security. Starting in iOS 10, Apple provided a few. NSAppTransportSecurity NSAllowsArbitraryLoads ![]() You may also use NSAllowsArbitraryLoads to completely disable ATS in your app: ![]() NSExceptionAllowsInsecureHTTPLoads: YES.Add an NSExceptionDomains dictionary to whitelist specific domains. You can poke holes in ATS by adding a NSAppTransportSecurity dictionary to ist. Unfortunately, you may have to connect to APIs outside of your control which do not offer HTTPS. These new defaults are useful for countering "leaks." While your may have moved all your REST API endpoints to HTTPS, they may reference insecure resources, such as image assets. Thanks to SSL session reuse, performance should no longer be a concern. With modern web services, there is no reason to send data in the clear. In addition, there are hardened encryption standards that are expected that sometimes go beyond the standard TLS v1.2 implementation. In addition, HTTPS connections must also be using the latest protocol, Transport Layer Security (TLS) v1.2 and will fail to establish a connection if an older version is being used by the web server. This defaults apps to requiring an HTTPS connection, and returning an error for non-HTTPS connections. In iOS 9, Apple introduced "App Transport Security," or ATS. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |