Reputation: 24583
ATS and http in iOS 10
In iOS 9 with ATS (App Transport Security) enabled without any exceptions I could not connect to a server via http. Which I would expect.
IE:
However with no changes in iOS 10 I can make that connection.
Looking here I don't see any updates on why this might be: https://developer.apple.com/library/content/releasenotes/General/WhatsNewIniOS/Articles/iOS10.html
Any ideas? I want to make sure I am still getting ATS protection.
Upvotes: 1
Views: 1212
Answers (1)
Reputation: 1504
Availability of ATS for Remote and Local Connections App Transport Security (ATS) applies only to connections made to public host names. The system does not provide ATS protection to connections made to:
- Internet protocol (IP) addresses
- Unqualified host names
- Local hosts employing the .local top-level domain (TLD)
To connect to an unqualified host name or to a .local domain, you must set the value of the NSAllowsLocalNetworking key to YES.
Note: Although ATS is unenforced for connection to local hosts, Apple strongly recommends using Transport Layer Security (TLS) for any local connection, along with the use of a self-signed certificate to validate the local IP address. Apple Doc.
The system does not provide ATS protection to connections that with Internet protocol (IP) addresses. So We can connect to server IP without any NSAllowsLocalNetworking in the plist file.
Upvotes: 2
Related Questions
- Transport security has blocked a cleartext HTTP
- WKWebView http -> https redirection for iOS 10 ATS Compliance
- iOS9 App Transport Security
- How can we use HTTP and HTTPS both ATS (App Transport Security) in One Application?
- iOS10 A http request becomes https request, but some not
- App Transport Security (ATS) and local already secure connections
- App Transport Security issue in iOS 9 and iOS 10
- Support of http call and ATS at the same time
- ATS App Transport Security: HTTP url inside Webview
- (ATS) Application Transport Security iOS 9