App Transport Security is a feature that improves the security of connections between an app and web services. The feature consists of default connection requirements that conform to best practices for secure connections. Apps can override this default behavior and turn off transport security.
All connections using the NSURLConnection, CFURL, or NSURLSession APIs use App Transport Security default behavior in apps built for iOS 9.0 or later, and OS X v10.11 or later. Connections that do not follow the requirements will fail.
App Transport Security Technote
If you are aware of the risks, you can still disable ATS completely for your app by editing its Info.plist:
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>
For a bit more security, you can define exceptions to the exception and apply ATS to specific domains only:
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
    <key>NSExceptionDomains</key>
    <dict>
        <key>example.com</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <false/>
            <key>NSIncludesSubdomains</key>
            <true/>
        </dict>
    </dict>
</dict>
Shipping an App With App Transport Security
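To see which of the two configurations above an Info.plist actually declares, the following added example (not code from the original post or from Apple) parses the file with Python's plistlib and reports where ATS is off and where it is switched back on. The `audit_ats` helper and the sample plist are constructed for illustration.

```python
import plistlib

# Constructed sample: the second Info.plist fragment from the post, wrapped in a full plist.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
    <key>NSExceptionDomains</key>
    <dict>
      <key>example.com</key>
      <dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key>
        <false/>
        <key>NSIncludesSubdomains</key>
        <true/>
      </dict>
    </dict>
  </dict>
</dict>
</plist>"""


def audit_ats(plist_bytes):
    """Summarise the ATS policy declared in an Info.plist (hypothetical helper)."""
    info = plistlib.loads(plist_bytes)
    ats = info.get("NSAppTransportSecurity", {})
    arbitrary = bool(ats.get("NSAllowsArbitraryLoads", False))
    enforced, cleartext = [], []
    for domain, opts in ats.get("NSExceptionDomains", {}).items():
        name = domain + (" (+subdomains)" if opts.get("NSIncludesSubdomains", False) else "")
        if opts.get("NSExceptionAllowsInsecureHTTPLoads", False):
            cleartext.append(name)  # plain HTTP explicitly allowed for this domain
        elif arbitrary:
            enforced.append(name)   # ATS switched back on despite the global opt-out
    return {
        "ats_disabled_by_default": arbitrary,
        "ats_enforced_for": sorted(enforced),
        "cleartext_allowed_for": sorted(cleartext),
    }


if __name__ == "__main__":
    print(audit_ats(SAMPLE))
```

A result with `ats_disabled_by_default` set and an empty `ats_enforced_for` list corresponds to the first configuration, where every connection is exempt from ATS.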