Application Transport Security Issue in iOS 9 and iOS 10

Apple announced that NSAllowArbitraryLoads will not work soon. Therefore, in iOS 10, I have this in my info.plist:

 <key>NSAppTransportSecurity</key> <dict> <key>NSExceptionDomains</key> <dict> <key>myAPIdomain</key> <dict> <key>NSIncludesSubdomains</key> <true/> <key>NSExceptionAllowsInsecureHTTPLoads</key> <true/> </dict> </dict> <key>NSAllowsArbitraryLoadsInWebContent</key> <true/> </dict> 

This works for my API request and content in a UIWebView. However, in iOS9, NSAllowsArbitraryLoadsInWebContent not supported, and it is recommended that you enable NSAllowsArbitraryLoads to support iOS 9. But I think this will override my NSExceptionDomains settings? How can I make HTTP requests for my API and UIWebView to work on both iOS 9 and iOS 10 and still follow the Apple rule?

Edit

To support iOS 9 and iOS 10:

 <key>NSAppTransportSecurity</key> <dict> <key>NSExceptionDomains</key> <dict> <key>myAPIdomain</key> <dict> <key>NSIncludesSubdomains</key> <true/> <key>NSExceptionAllowsInsecureHTTPLoads</key> <true/> </dict> </dict> <key>NSAllowsArbitraryLoadsInWebContent</key> <true/> <key>NSAllowsArbitraryLoads</key> <true/> </dict> 
+6
source share
1 answer
 <key>NSAppTransportSecurity</key> <dict> <key>NSAllowsArbitraryLoads</key> <true/> </dict> 

You can use the above condition if you do not want to support https (TLS 1.2). But you must make sure that this will be a temporary fix. From early 2017 Apple makes https (TLS 1.2) mandatory

+1
source

Source: https://habr.com/ru/post/1011756/


All Articles