Allow HTTP without disabling ATS in iOS

走远了吗. 提交于 2019-12-01 13:59:39

According to Apple, if you build against an older SDK, so iOS 8 or earlier, then ATS is disabled. I don't know exactly what this means, but I'm guessing it is the target build setting Architectures, Base SDK -- not the deployment target setting.

This video has details of changes to ATS recently announced at WWDC 2016. As of the start of 2017, Apple will reject your app if you're using any of the following ATS exceptions AND you can't provide a reasonable justification for doing so:

  • NSAllowsArbitraryLoads
  • NSExceptionAllowsInsecureHTTPLoads
  • NSExceptionMinimumTLSVersion

However, it appears you will be allowed to use a new exception called:

  • NSAllowsArbitraryLoadsInWebContent

which means that a WKWebView control can still load HTTP content. Not sure if this applies to UIWebView as well.

In your case, I'm guessing you're not using a WKWebView, so you'd better start working on your "reasonable justification". Or stick with the iOS 8 SDK.

You can add exceptions (NSExceptionDomains) to allow HTTP for specific domains. See the documentation.

However, if the user given URL can be any URL, then there is no other way but to use NSAllowsArbitraryLoads.

Open Info.plist as Source Code, then add this where you want :

<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <false/>
        <key>NSExceptionDomains</key>
        <dict>
            <key>aWebsite.com</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSTemporaryExceptionMinimumTLSVersion</key>
                <string>TLSv1.1</string>
            </dict>
            <key>anotherWebsiteIfYouWant.com</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSTemporaryExceptionMinimumTLSVersion</key>
                <string>TLSv1.1</string>
            </dict>
        </dict>
    </dict>

This way you won't have to disable ATS totally.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!