iOS 9和iOS 10中的App Transport Security问题 [英] App Transport Security issue in iOS 9 and iOS 10
问题描述
Apple宣布 NSAllowArbitraryLoads
将不会很快发挥作用。因此,在iOS 10中,我在我的info.plist中有这个:
Apple has announced that NSAllowArbitraryLoads
will not work soon. Therefore, in iOS 10, I have this in my info.plist:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>myAPIdomain</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
<key>NSAllowsArbitraryLoadsInWebContent</key>
<true/>
</dict>
这适用于我在UIWebView中的API请求和内容。但是,在iOS9中,不支持 NSAllowsArbitraryLoadsInWebContent
,建议包含 NSAllowsArbitraryLoads
以支持iOS 9。但我认为这将覆盖我的 NSExceptionDomains
设置?如何为我的API和UIWebView的HTTP请求在iOS 9和iOS 10上工作并仍然遵循Apple的规则?
This works for my API request and content in UIWebView. However, in iOS9, NSAllowsArbitraryLoadsInWebContent
is not supported and it is recommended to include NSAllowsArbitraryLoads
for iOS 9 support. But I think this will override my NSExceptionDomains
settings? How can I make HTTP requests for my API and UIWebView work on both iOS 9 and iOS 10 and still following Apple's rule?
编辑
支持iOS 9和iOS 10:
For supporting iOS 9 and iOS 10:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>myAPIdomain</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
<key>NSAllowsArbitraryLoadsInWebContent</key>
<true/>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
推荐答案
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
如果您不想支持https(TLS 1.2),可以使用上述条件。但你必须确保它是一个临时修复。从2017年初开始,Apple将https(TLS 1.2)作为强制性的
You can use the above condition if you don't want to support https(TLS 1.2). But you have to make sure it will be a temporary fix. From earlier 2017 Apple make https (TLS 1.2) as mandatory
这篇关于iOS 9和iOS 10中的App Transport Security问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!