Domain Exceptions KeysĪpp Transport Security imposes a number of rules on an application's network behavior. In that scenario, the App Transport Security rules apply to and its subdomains. If we opt out of App Transport Security by setting the value of NSAllowsArbitraryLoads to true, the behavior of the domain exception is different. The NSExceptionAllowsInsecureHTTPLoads key indicates that network requests not made over HTTPS are allowed for this domain and its subdomains. By setting NSIncludesSubdomains, we tell App Transport Security to apply this domain exception to every subdomain of. In this example, we enable App Transport Security and define a domain exception for. Take a look at the following example for clarification. The value of the key is a dictionary with every key of the dictionary being a domain exception. You add the NSExceptionDomains key to the NSAppTransportSecurity dictionary of the target's ist. Adding a Domain ExceptionĪdding a domain exception is easy. In short, the effect of a domain exception depends on the App Transport Security configuration of the target. If you decide to opt out of App Transport Security, then App Transport Security rules are applied to the domain specified by the domain exception. What does that mean? If you decide to opt in to App Transport Security, then the domain exception exempts the specified domain from the App Transport Security rules. Current ConfigurationĪ domain exception is evaluated against the current App Transport Security configuration. This may change in the future and I hope it does. It is unclear whether this is a bug Apple plans to address. This means, for example, that a static IP address cannot be used to define a domain exception. Domain exceptions can only be used for valid domain names. The second important limitation is one I ran into a few weeks ago. That said, you can specify that subdomains of a domain should also be included in the domain exception. You cannot specify a domain exception at runtime. The first limitation is that they are static. Predefined Domainsĭomain exceptions have a few important limitations. What Are Domain ExceptionsĪpp Transport Security domain exceptions exempt network requests to a predefined domain from the current App Transport Security configuration. It is not recommended to opt out of App Transport Security since Apple plans to require App Transport Security starting 1 January 2017. The only difference with the previous example is that you explicitly opt out of App Transport Security by adding the following snippet to the target's ist. Opting out of App Transport Security is pretty easy as you can see below. This block of XML explicitly defines that the application does not allow network request that don't comply with the strict rules defined by App Transport Security. Even though App Transport Security is enabled by default, it can be helpful, for example if you are working in a team, to explicitly define the App Transport Security configuration by adding the following snippet to the target's ist. App Transport Security is enabled by default for any build created with Xcode 7 and higher. If you opt in to App Transport Security, there is nothing you need to do. As I mentioned yesterday, there are four possible App Transport Security configurations. Configuring App Transport Securityīefore I discuss App Transport Security exception domains, I want to emphasize that the first decision you need to make is whether or not you opt in to App Transport Security. Exception domains allow you to specify which domains are exempt from the rules you define for App Transport Security. In this tutorial, I would like to zoom in on exception domains. It is important that you plan ahead and understand how this requirement impacts your applications. Apple recently announced that every build submitted to the App Store needs to have App Transport Security enabled starting on 1 January 2017. Despite Apple's bold move to enable App Transport Security by default for any build created with Xcode 7 and higher, many developers are confused, disabling it altogether. Yesterday, I wrote about App Transport Security and I showed you how to configure a project for App Transport Security.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |