在Xcode 9.2中禁用App Transport Security? [英] Disable App Transport Security in Xcode 9.2?
问题描述
我无法在Xcode 9.2中禁用App Transport Security(ATS)。我(多年来)在针对我的本地服务器环境运行构建时禁用了ATS。
I cannot disable App Transport Security (ATS) in Xcode 9.2. I have been (for years) disabling ATS when running builds against my local server environment.
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
在Xcode 9.2中,一个简单的请求(以http模式运行本地Rails应用程序):
In Xcode 9.2, a simple request (running against a local Rails app in http mode):
let session = URLSession(configuration: .default)
let url = URL(string: "http://store.dev/api/products.json")!
let task = session.dataTask(with: url) { data, response, error in
print(data)
print(response)
print(error)
}
task.resume()
失败了错误消息
错误域= NSURLErrorDomain代码= -1200发生SSL错误,并且无法与服务器建立安全连接制作。 UserInfo = {_ kCFStreamErrorCodeKey = -9802,NSLocalizedRecoverySuggestion =您是否还想连接到服务器?,NSUnderlyingError = 0x60c00024afb0 {错误域= kCFErrorDomainCFNetwork代码= -1200(null)UserInfo = {_ kCFStreamPropertySSLClientCertificateState = 0,_kCFNetworkCFStreamSSLErrorOriginalValue = -9802, _kCFStreamErrorDomainKey = 3,_kCFStreamErrorCodeKey = -9802}},NSLocalizedDescription =发生了SSL错误,无法建立与服务器的安全连接。,NSErrorFailingURLKey = https://store.dev/api/products.json,NSErrorFailingURLStringKey = https: //store.dev/api/products.json,_kCFStreamErrorDomainKey = 3}
这个完全相同的请求(与(好)成功使用Xcode 9.1。
This exact same request (same project as well) succeeds on Xcode 9.1.
在这两种情况下,我都是针对iOS 11.1部署目标而构建的。您可以看到Xcode正在将URL从http更改为https,这是我不想要的。
In both cases, I'm building against a iOS 11.1 deployment target. You can see that Xcode is changing the url from http to https, which I do not want.
以下是在Xcode 9.1中有效但在9.2中失败的超级基础项目的链接( https://github.com/chrismanderson/ats-sample )。
Here is a link to the super basic project that works in Xcode 9.1 but fails in 9.2 (https://github.com/chrismanderson/ats-sample).
我也试过禁用ATS仅适用于本地 store.dev 域,同样适用于Xcode 9.1但不适用于9.2。
I've also tried disabling ATS just for the local store.dev domain, and again, it works on Xcode 9.1 but not 9.2.
推荐答案
我最初并没有把它放在一起,但我认为正在发生的事情是iOS 11,Apple正在支持 HSTS 。我相信支持HSTS预加载列表,最近与Google结合将.dev TLD添加到HSTS预加载列表,可能会导致iOS尝试强制您使用https,这是失败的(我错过了您尝试使用.dev本地域进行测试,这真的是关键因素)。
I didn't originally put it together, but I think what is happening is that with iOS 11, Apple is supporting HSTS. I believe that support for HSTS preload lists, in combination with Google recently adding the .dev TLD to the HSTS preload list, is likely causing iOS to try to force you to use https, which is failing (I missed that you are trying to use a .dev local domain for testing, which is really the key element here).
我认为您唯一的解决方案是将本地测试域更改为.dev域以外的域。如果您这样做,您应该能够连接,并且它不会尝试强制您在本地开发环境中进行https。
I think your only solution is to change your local testing domain to something other than a .dev domain. If you do that, you should be able to connect, and it won't try to force you to https on your local dev environment.
简而言之,Google已获得.dev顶级域名的权利,并且最近将其添加到HSTS预加载列表中,以强制所有与.dev域名的通信都是安全的。在支持HSTS预加载列表的设备上,这会导致所有流量通过HTTPS重定向,这将导致不支持HTTPS的服务器出错。
In short, Google has gotten rights to the .dev top level domain, and recently added it to the HSTS preload list to force all communication with .dev domains to be secure. On devices that support HSTS preload lists, this causes all traffic to redirect through HTTPS, which will cause errors on servers that don't support HTTPS.
这篇关于在Xcode 9.2中禁用App Transport Security?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
