How do I load an HTTP URL with App Transport Security enabled in iOS 9? [duplicate]

This article is translated from: How do I load an HTTP URL with App Transport Security enabled in iOS 9? [duplicate]


So, the new beta SDK of iOS released last night has "App Transport Security" which encourages developers to use https instead of http. In principle, this is a great idea, and I already use https in our staging/production environments. However, I don't have https set up in my local development environment, when the iOS app is connecting to a web service I'm running on my laptop.

From a bit of playing around this morning, it appears that the URL loading system will, even if you hand it an http URL, decide to use https instead. Does anyone know how to disable this behaviour -- even just for particular URLs?


Post #1

Reference: https://stackoom.com/question/24wjx/如何在iOS-中启用-应用程序传输安全性-的情况下加载HTTP-URL-重复


Post #2

See Apple's Info.plist reference for full details (thanks @gnasher729).

You can add exceptions for specific domains in your Info.plist:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>testdomain.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <true/>
            <key>NSExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <false/>
            <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
            <true/>
            <key>NSThirdPartyExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <key>NSRequiresCertificateTransparency</key>
            <false/>
        </dict>
    </dict>
</dict>

All the keys for each excepted domain are optional. The speaker did not elaborate on any of the keys, but I think they're all reasonably obvious.

(Source: WWDC 2015 session 703, “Privacy and Your App”, 30:18)

You can also ignore all app transport security restrictions with a single key, if your app has a good reason to do so:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

If your app does not have a good reason, you may risk rejection:

Setting NSAllowsArbitraryLoads to true will allow it to work, but Apple was very clear in that they intend to reject apps who use this flag without a specific reason. The main reason to use NSAllowsArbitraryLoads I can think of would be user created content (link sharing, custom web browser, etc). And in this case, Apple still expects you to include exceptions that enforce the ATS for the URLs you are in control of.

If you do need access to specific URLs that are not served over TLS 1.2, you need to write specific exceptions for those domains, not use NSAllowsArbitraryLoads set to yes. You can find more info in the NSURLSession WWDC session.

Please be careful in sharing the NSAllowsArbitraryLoads solution. It is not the recommended fix from Apple.

- kcharwood (thanks @marco-tolman)


Post #3

The accepted answer has provided the required info; for more info about using and disabling App Transport Security, one can find more on this.

For Per-Domain Exceptions add these to the Info.plist:

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>yourserver.com</key>
    <dict>
      <!--Include to allow subdomains-->
      <key>NSIncludesSubdomains</key>
      <true/>
      <!--Include to allow HTTP requests-->
      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
      <true/>
      <!--Include to specify minimum TLS version-->
      <key>NSTemporaryExceptionMinimumTLSVersion</key>
      <string>TLSv1.1</string>
    </dict>
  </dict>
</dict>

But What If I Don't Know All the Insecure Domains I Need to Use? Use the following key in your Info.plist:

<key>NSAppTransportSecurity</key>
<dict>
  <!--Include to allow all connections (DANGER)-->
  <key>NSAllowsArbitraryLoads</key>
  <true/>
</dict>

You can get more detail from this link.


Post #4

Compiling answers given by @adurdin and @User

Add the following to your info.plist and replace localhost.com with your corresponding domain name; you can add multiple domains as well:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
    <key>NSExceptionDomains</key>
    <dict>
        <key>localhost.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <false/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <false/>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <true/>
            <key>NSExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <false/>
            <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
            <true/>
            <key>NSThirdPartyExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <key>NSRequiresCertificateTransparency</key>
            <false/>
        </dict>
    </dict>
</dict>
</plist>

Your info.plist must look like this:


Post #5

If you just want to disable App Transport Policy for local dev servers then the following solutions work well. It's useful when you're unable, or it's impractical, to set up HTTPS (e.g. when using the Google App Engine dev server).

As others have said though, ATP should definitely not be turned off for production apps.

1) Use a different plist for Debug

Copy your Plist file and NSAllowsArbitraryLoads. Use this Plist for debugging.

[Image: XCode debug]

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

2) Exclude local servers

Alternatively, you can use a single plist file and exclude specific servers. However, it doesn't look like you can exclude IPv4 addresses so you might need to use the server name instead (found in System Preferences -> Sharing, or configured in your local DNS).

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>server.local</key>
        <dict>
            <!--Allow plain HTTP for this host only-->
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>
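
One way to check an Info.plist against the cautions in the answers above, for example as a build step that keeps a Debug-only NSAllowsArbitraryLoads out of the Release plist. This is an added example, not part of any answer; `audit_ats`, `WEAK_TLS` and the sample plist are constructed here for illustration.

```python
import plistlib
import sys

WEAK_TLS = {"TLSv1.0", "TLSv1.1"}  # below the ATS default of TLSv1.2
# Constructed sample (not from a real app): mixes patterns seen in the answers.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>NSAppTransportSecurity</key>
<dict>
  <key>NSAllowsArbitraryLoads</key><true/>
  <key>NSExceptionDomains</key>
  <dict>
    <key>yourserver.com</key>
    <dict>
      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key><true/>
      <key>NSTemporaryExceptionMinimumTLSVersion</key><string>TLSv1.1</string>
    </dict>
    <key>mydomain.com</key>
    <dict><key>NSExceptionRequiresForwardSecrecy</key><false/></dict>
    <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
  </dict>
</dict>
</dict></plist>"""

def audit_ats(plist_bytes):
    """Return (scope, finding) tuples for every ATS setting weaker than the default."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append(("*", "NSAllowsArbitraryLoads: ATS off for all unlisted domains"))
    for domain, opts in ats.get("NSExceptionDomains", {}).items():
        if not isinstance(opts, dict):  # key placed beside the domain, not inside it
            findings.append((domain, "not a dictionary; nest exception keys under a domain"))
            continue
        for key, value in opts.items():
            # Suffix match covers the NSException*, NSTemporaryException* and NSThirdPartyException* names.
            if key.endswith("AllowsInsecureHTTPLoads") and value is True:
                findings.append((domain, f"{key}: cleartext HTTP allowed"))
            elif key.endswith("RequiresForwardSecrecy") and value is False:
                findings.append((domain, f"{key}: forward secrecy not required"))
            elif key.endswith("MinimumTLSVersion") and value in WEAK_TLS:
                findings.append((domain, f"{key}: {value} is below TLSv1.2"))
    return findings

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    results = audit_ats(data)
    print(*(f"{scope}: {message}" for scope, message in results), sep="\n")
    sys.exit(1 if results else 0)  # non-zero exit fails a Release build step
```

Run it with the path to the Release Info.plist as the only argument; with no argument it audits the constructed sample.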

Post #6

Configurations above didn't work for me. I tried a lot of combinations of keys, this one works fine:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>mydomain.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
        </dict>
    </dict>
</dict>