iOS 9 Configurations: Application Migration Security App Configurations

I am currently working on an application that uses both HTTPS endpoints and HTTP endpoints. Now I want to comply with Application Transport Security for iOS 9 by creating a dictionary NSExceptionDomains in the plist, but the number of third-party endpoints my apps hit is dynamic and always growing, so doing that would be a rather tedious task.

So while I could just set NSAllowsArbitraryLoads to YES, I'd rather have ATS disabled by default, save for my handful of secure HTTPS endpoints. Is it possible to do this? I saw one blog post about someone setting up a plist this way.


But I can't find any information to support that this is a valid solution, and I don't know how to find out if the HTTPS request is using ATS. Does anyone know if this is possible or how to know if it works?

EDIT

It should be noted that the tags in the current application documentation are incorrect.

NSExceptionAllowInsecureHTTPLoads NSExceptionRequiresForwardSecrecy NSExceptionMinimumTLSVersion NSThirdPartyExceptionAllowsInsecureHTTPLoads NSThirdPartyExceptionMinimumTLSVersion NSThirdPartyExceptionRequiresForwardSecrecy

Actually

NSTemporaryExceptionAllowsInsecureHTTPLoads NSTemporaryExceptionRequiresForwardSecrecy NSTemporaryExceptionMinimumTLSVersion NSTemporaryThirdPartyExceptionAllowsInsecureHTTPLoads NSTemporaryThirdPartyExceptionMinimumTLSVersion NSTemporaryThirdPartyExceptionRequiresForwardSecrecy

+3




1 answer


After doing some more research, I was able to answer my own question. So basically you are saying that everything does not use ATS by default by setting NSAllowsArbitraryLoads = YES.

But then, in your exception dictionary (NSExceptionDomain), you specify the endpoints that you want to act differently. This means that you can place HTTPS endpoints in this list and tell it to use ATS by setting NSTemporaryExceptionAllowsInsecureHTTPSLoads to NO. I was able to test this by putting an unsecured endpoint itunes.apple.com and trying to hit it. When I set NSTemporaryExceptionAllowsInsecureHTTPSLoads to NO, it failed and complained that it was not secure.



This may be obvious to most people, but with a little documentation in there, I hope this helps.

+4
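The layout discussed in this thread (ATS off by default, re-enabled per domain) can be checked mechanically. The script below is an added example, not code from the question or the answer: it parses a constructed Info.plist and reports, per listed domain, whether plain HTTP is still permitted. The host names are placeholders, and the two key spellings it accepts are assumptions: `NSExceptionAllowsInsecureHTTPLoads` from Apple's released ATS documentation and the `NSTemporary...` form listed in the question.

```python
import plistlib

# Constructed sample Info.plist: ATS off globally, HTTPS required for one host.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key><true/>
    <key>NSExceptionDomains</key>
    <dict>
      <key>api.example.com</key>
      <dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><false/>
      </dict>
      <key>legacy.example.net</key>
      <dict>
        <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key><true/>
      </dict>
    </dict>
  </dict>
</dict>
</plist>"""

# Key spellings treated as "allow plain HTTP" (assumption, see lead-in).
INSECURE_KEYS = (
    "NSExceptionAllowsInsecureHTTPLoads",
    "NSTemporaryExceptionAllowsInsecureHTTPLoads",
)

def ats_report(plist_bytes):
    """Return the app-wide ATS default and the HTTP policy of each exception domain."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    arbitrary = bool(ats.get("NSAllowsArbitraryLoads", False))
    domains = {}
    for host, rules in ats.get("NSExceptionDomains", {}).items():
        # A listed domain blocks plain HTTP unless an allow-insecure key is true.
        allows_http = any(rules.get(key, False) for key in INSECURE_KEYS)
        domains[host] = "HTTP allowed" if allows_http else "HTTP blocked"
    default = "arbitrary loads allowed" if arbitrary else "ATS enforced"
    return {"default": default, "domains": domains}

if __name__ == "__main__":
    report = ats_report(SAMPLE_PLIST)
    print("default:", report["default"])
    for host, state in sorted(report["domains"].items()):
        print(f"{host}: {state}")
```

The report covers only the insecure-HTTP setting; minimum TLS version and forward-secrecy keys on a domain are not evaluated.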

