Application Transport Security Issue in iOS 9 and iOS 10

Question

Application Transport Security Issue in iOS 9 and iOS 10

Apple announced that NSAllowArbitraryLoads will not work soon. Therefore, in iOS 10, I have this in my info.plist:

 <key>NSAppTransportSecurity</key> <dict> <key>NSExceptionDomains</key> <dict> <key>myAPIdomain</key> <dict> <key>NSIncludesSubdomains</key> <true/> <key>NSExceptionAllowsInsecureHTTPLoads</key> <true/> </dict> </dict> <key>NSAllowsArbitraryLoadsInWebContent</key> <true/> </dict>

This works for my API request and content in a UIWebView. However, in iOS9, NSAllowsArbitraryLoadsInWebContent not supported, and it is recommended that you enable NSAllowsArbitraryLoads to support iOS 9. But I think this will override my NSExceptionDomains settings? How can I make HTTP requests for my API and UIWebView to work on both iOS 9 and iOS 10 and still follow the Apple rule?

Edit

To support iOS 9 and iOS 10:

 <key>NSAppTransportSecurity</key> <dict> <key>NSExceptionDomains</key> <dict> <key>myAPIdomain</key> <dict> <key>NSIncludesSubdomains</key> <true/> <key>NSExceptionAllowsInsecureHTTPLoads</key> <true/> </dict> </dict> <key>NSAllowsArbitraryLoadsInWebContent</key> <true/> <key>NSAllowsArbitraryLoads</key> <true/> </dict>

+6

ios

chengsam Oct 27 '16 at 9:27

source share

1 answer

Yogesh mv · Answer 1 · 2016-10-27T09:33:44+0000

 <key>NSAppTransportSecurity</key> <dict> <key>NSAllowsArbitraryLoads</key> <true/> </dict>

You can use the above condition if you do not want to support https (TLS 1.2). But you must make sure that this will be a temporary fix. From early 2017 Apple makes https (TLS 1.2) mandatory

Application Transport Security Issue in iOS 9 and iOS 10

More articles: