I am developing an app which have a small tweak in it. it will show a preview of the given url (like Facebook,whatsapp does). but if the "User-given" url is in HTTP, I couldn't load the preview when ATS is turned on. so i turned off the whole HTTPS traffic by using NSAllowsArbitraryLoads . is there any way to allow http with ATS enabled?
According to Apple, if you build against an older SDK, so iOS 8 or earlier, then ATS is disabled. I don't know exactly what this means, but I'm guessing it is the target build setting Architectures, Base SDK -- not the deployment target setting.
This video has details of changes to ATS recently announced at WWDC 2016. As of the start of 2017, Apple will reject your app if you're using any of the following ATS exceptions AND you can't provide a reasonable justification for doing so:
- NSAllowsArbitraryLoads
- NSExceptionAllowsInsecureHTTPLoads
- NSExceptionMinimumTLSVersion
However, it appears you will be allowed to use a new exception called:
- NSAllowsArbitraryLoadsInWebContent
which means that a WKWebView control can still load HTTP content. Not sure if this applies to UIWebView as well.
In your case, I'm guessing you're not using a WKWebView, so you'd better start working on your "reasonable justification". Or stick with the iOS 8 SDK.
You can add exceptions (NSExceptionDomains
) to allow HTTP for specific domains. See the documentation.
However, if the user given URL can be any URL, then there is no other way but to use NSAllowsArbitraryLoads
.
Open Info.plist
as Source Code, then add this where you want :
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<false/>
<key>NSExceptionDomains</key>
<dict>
<key>aWebsite.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
<key>anotherWebsiteIfYouWant.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
This way you won't have to disable ATS totally.
来源:https://stackoverflow.com/questions/38067989/allow-http-without-disabling-ats-in-ios