How can I add NSAppTransportSecurity to my info.pl

2018-12-31 18:04发布

站内问答 / iOS
862 13 4

https://developer.apple.com/videos/wwdc/2015/?id=711 @5:55

I can't seem to be able to add this to my info.plist. There is no value it. I'm running XCode Version 7.0 beta (7A121l), and testing on iOS9.

Because I can't specifically declare what URL's I want as seen in the video, I keep getting "App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file" errors.

However, I don't seem to be able to configure it. Any ideas?

13条回答
浪荡孟婆
2楼-- · 2018-12-31 18:26 
<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSExceptionDomains</key>
        <dict>
            <key>uservoice.com</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSExceptionRequiresForwardSecrecy</key>
                <false/>
            </dict>
        </dict>
    </dict>
查看更多
0人赞 添加讨论(0) 举报
梦醉为红颜
3楼-- · 2018-12-31 18:26

One bad news for developers using NSAppTransportSecurity.

UPDATE:
[Apple will require HTTPS connections for iOS apps by the end of 2016]

https://techcrunch.com/2016/06/14/apple-will-require-https-connections-for-ios-apps-by-the-end-of-2016/

查看更多
0人赞 添加讨论(0) 举报
君临天下
4楼-- · 2018-12-31 18:27

Xcode 8.2, iOS 10

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>
查看更多
0人赞 添加讨论(0) 举报
与君花间醉酒
5楼-- · 2018-12-31 18:28

Xcode 9.2, Swift 4, this works for me.

<key>App Transport Security Settings</key>
<dict>
    <key>Allow Arbitrary Loads</key>
    <true/>
</dict>
查看更多
0人赞 添加讨论(0) 举报
还给你的自由
6楼-- · 2018-12-31 18:34

try With this --- worked for me in Xcode-beta 4 7.0

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>yourdomain.com</key>
        <dict>
            <!--Include to allow subdomains-->
            <key>NSIncludesSubdomains</key>
            <true/>
            <!--Include to allow HTTP requests-->
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <!--Include to specify minimum TLS version-->
            <key>NSTemporaryExceptionMinimumTLSVersion</key>
            <string>TLSv1.1</string>
        </dict>
    </dict>
</dict>

Also one more option, if you want to disable ATS you can use this :

<key>NSAppTransportSecurity</key>  
 <dict>  
      <key>NSAllowsArbitraryLoads</key><true/>  
 </dict>

But this is not recommended at all. The server should have the SSL certificates and so that there is no privacy leaks.

查看更多
0人赞 添加讨论(0) 举报
余欢
7楼-- · 2018-12-31 18:34

To explain a bit more about ParaSara's answer: App Transport security will become mandatory and trying to turn it off may get your app rejected.

As a developer, you can turn App Transport security off if your networking code doesn't work with it, and you want to continue other development before fixing any problems. Say in a team of five, four can continue working on other things while one fixes all the problems. You can also turn App Transport security off as a debugging tool if you have networking problems and you want to check if they are caused by App Transport security. As soon as you know you should turn it on again immediately.

The solution that you must use in the future is not to use http at all, unless you use a third party server that doesn't support https. If your own server doesn't support https, Apple will have a problem with that. Even with third party servers, I wouldn't bet that Apple accepts it.

Same with the various checks for server security. At some point Apple will only accept justifiable exceptions.

But mostly, consider this: You are endangering the privacy of your customers. That's a big no-no in my book. Don't do that. Fix your code, don't ask for permission to run unsafe code.

查看更多
0人赞 添加讨论(0) 举报
上一页 1 2 3 下一页
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)