将 localhost 添加到 App Transport Security (ATS) NSExceptionDomains 是否安全? [英] Is it safe to add localhost to App Transport Security (ATS) NSExceptionDomains?

问题描述

在安全性方面，将 localhost 添加到 ATS NSExceptionDomains 以供开发使用是否安全?在每次提交之前从 Info.plist 文件中删除这些行不是很方便(而且很容易忘记).

Is it safe, in terms of security, to add localhost to ATS NSExceptionDomains for development use? It's not very convenient (and it's easy to forget) to remove those lines from Info.plist file before every commit.

<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>localhost</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>

另外，苹果可以因此拒绝申请吗?

Additionally, can Apple reject the application because of this?

推荐答案

您现在可以为本地地址执行此操作:

You can now do this for local addresses:

<key>NSAppTransportSecurity</key>    
<dict>
    <key>NSAllowsLocalNetworking</key>
    <true/>
</dict>

Apple 将此密钥视为 ATS 例外——它表示不会拒绝使用它的应用程序.更多信息:https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html(在页面中搜索本地")

Apple has blessed this key as an ATS exception — it has said it will not reject apps for using it. More info here: https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html (search in page for "local")

这篇关于将 localhost 添加到 App Transport Security (ATS) NSExceptionDomains 是否安全?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！