是否可以在运行时修改App Transport Security例外域? [英] Can App Transport Security exception domains be modified at runtime?
问题描述
在我的应用中,API在运行时提供图像和视频的域,我需要允许进行这些连接.使用NSAllowsArbitraryLoads似乎是我现在唯一可以做的令人满意的事情,但是我想利用ATS并只将运行时提供的简短域白名单列入白名单.
In my app, APIs provide the domains for images and videos during runtime and I need to allow these connections to be made. Using NSAllowsArbitraryLoads seems to be the only satisfactory thing I can do right now, but I would like to take advantage of ATS and only whitelist this short list of domains provided at runtime.
根据应用传输安全技术说明,所有这些域都在Info.plist中设置,在编译时将其复制.在运行时是否可以允许HTTP或放宽对这些特定域的请求的TLS要求?
According to the App Transport Security Technote, all of these domains are set in the Info.plist, which is copied at compile time. Is it possible to allow HTTP or loosen TLS requirements during runtime for requests to these specific domains?
推荐答案
否,ATS策略是在编译时定义的.我的猜测是,它可能成为已签名应用程序包的一部分,并且不能被篡改.
No, the ATS policy is defined at compile time. My guess is that it may be so that it becomes part of the signed application package and can't be tampered with.
在您的情况下,通常需要允许不安全的传输.如果您使用的API端点支持TLS,则可以将这些域指定为需要策略文件中安全性的例外.
In your case allowing insecure transfers generally wil be required. If the API endpoints you use support TLS then you can specific those domains as exceptions that require security in the policy file.
这篇关于是否可以在运行时修改App Transport Security例外域?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
