Reputation: 933
iOS 9 App Transport Security for multiple services
I am using parse.com, layer.com, and my company url for terms/privacy policy, as well as other frameworks in cocoapods like google places api.
I am stuck because I want to use the correct Apple Transport Settings, and I can't seem to figure out how to include all the things I need in the info.plist. I don't want it to get rejected from the app store on submission.
I have done research on stack overflow and people either by passed it or gave an example for one domain. It still isn't clear how I should add this in the xml.
Upvotes: 0
Views: 106
Answers (2)
Reputation: 9143
If you know how to add one domain to the exceptions dictionary, then you just do the same for all the others. Here's an example:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>parse.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
<key>layer.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
<key>my-company.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
</dict>
Also, the full spec for NSAppTransportSecurity keys can be found here.
Upvotes: 1
Reputation: 1454
don't worry about the reject things
according to this guys answer
The good news is Apple Accepted my app with NSAllowsArbitraryLoads set to YES.
So in your case the simplest way is to allow all http request in this way, and if your app have built-in web browser, this is definitely your choice
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
If you want to just allow specific http request, then you can add this in your info.plist
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>yourserver.com</key>
<dict>
<!--Include to allow subdomains-->
<key>NSIncludesSubdomains</key>
<true/>
<!--Include to allow HTTP requests-->
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<!--Include to specify minimum TLS version-->
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
code above says allow yourserver.com and its subdomain http connection
Upvotes: 0
Related Questions
- App Transport Security - Error Domain=NSURLErrorDomain Code=-1200
- Xcode building for iOS Simulator, but linking in an object file built for iOS, for architecture 'arm64'
- Transport security has blocked a cleartext HTTP
- Capture iOS Simulator video for App Preview
- The resource could not be loaded because the App Transport Security policy requires the use of a secure connection
- How can I change the name of an iOS app in Xcode?
- How can I check for an active Internet connection on iOS or macOS?
- Xcode 7 error: "Missing iOS Distribution signing identity for ..."
- Add IP Range to Transport Security Layer in Info.plist iOS