我们如何在一个应用程序中同时使用HTTP和HTTPS ATS(应用程序传输安全性)? [英] How can we use HTTP and HTTPS both ATS (App Transport Security) in One Application?

问题描述

Apple宣布了针对iOS 9和OSX 10.11 El Capitan的应用程序传输安全性". " iOS中的新增功能" iOS 9指南说明:

Apple announced "App Transport Security" for iOS 9 and OSX 10.11 El Capitan. The "What’s New in iOS" guide for iOS 9 explains:

应用传输安全性(ATS)允许应用向其添加声明 Info.plist文件，用于指定需要安全使用的域 沟通. ATS防止意外泄露，提供安全保障 默认行为，并且易于采用.您应该尽快采用ATS 无论您是要创建新应用还是创建新应用 更新现有的.

App Transport Security (ATS) lets an app add a declaration to its Info.plist file that specifies the domains with which it needs secure communication. ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt. You should adopt ATS as soon as possible, regardless of whether you’re creating a new app or updating an existing one.

如果我们要删除或禁用ATS，则意味着我们只想使用HTTP，那么我们在.plist文件中进行输入，例如:

If we want to remove or disable the ATS means we want to use only HTTP then we are doing entry in the .plist file like as :

<key>NSAppTransportSecurity</key>
<dict>
  <!--Include to allow all connections (DANGER)-->
  <key>NSAllowsArbitraryLoads</key>
      <true/>
</dict>

如果我们的域位于HTTPS中，我们将在.plist文件中进行输入，例如:

And if our domain is in HTTPS we are doing entry in .plist file like as :

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>yourserver.com</key>
    <dict>
      <!--Include to allow subdomains-->
      <key>NSIncludesSubdomains</key>
      <true/>
      <!--Include to allow HTTP requests-->
      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
      <true/>
      <!--Include to specify minimum TLS version-->
      <key>NSTemporaryExceptionMinimumTLSVersion</key>
      <string>TLSv1.1</string>
    </dict>
  </dict>
</dict>

问题是:

如果我的应用程序仅在HTTP等Web服务上运行.我想使用HTTPS域，例如Google Map或Facebook登录名等.或者像HTTPS域那样的一项Web服务.

If my app is working on the web-services like as HTTP only. And I want to use the HTTPS domains like as google map or Facebook login etc. Or anything like one web-service is for the HTTPS domain.

然后如何将.plist文件中的所有内容组合在一起?

Then How we can combine both the things in the .plist file?

推荐答案

如果您的应用(例如第三方网络浏览器)需要加载任意内容，Apple提供了一种禁用方法ATS一共，但我怀疑您明智地使用此功能是明智的:

If your app (a third-party web browser, for instance) needs to load arbitrary content, Apple provides a way to disable ATS altogether, but I suspect it’s wise for you to use this capability sparingly:

完全禁用 ATS .只需在您的 Info.plist 文件中包括以下内容，然后在一个应用程序中使用HTTP和HTTPS之后

Disabling ATS entirely. Simply include the following in your Info.plist file then after you can use HTTP and HTTPS in One Application

<key>NSAppTransportSecurity</key>
<dict>
      <!--Include to allow all connections (DANGER)-->
      <key>NSAllowsArbitraryLoads</key>
      <true/>
</dict>

希望这会有所帮助！

这篇关于我们如何在一个应用程序中同时使用HTTP和HTTPS ATS(应用程序传输安全性)?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！