iOS10 ATS Configuration Details
- 2021-07-24 11:51:11
- OfStack
Thoughts on iOS10 ATS Configuration
ATS cannot restrict IP addresses
Assume that the api to be invoked is/foo/bar/doSth
If the server address is api. myserver. com, http://api. myserver. com/foo/bar/doSth will be blocked by ATS because it is not secure If the server address is 221.233. 20.115:9090, then http://221.233. 20.115: 9090/foo/bar/doSth will not be intercepted by ATS, even if it uses the http protocol This is also mentioned in my other translation article Apple Document Translation iOS10 NSAppTransportSecurity
The third party SDK also needs to abide by ATS rules
That is, the third party SDK also has the risk of being filtered by ATS. At present, it is known that:
Configuration example
The following example is configured as follows:
iOS10
Web View can load anything (NSAllowsArbitraryLoadsInWebContent) myserver. com and all its subdomains (for example, api and picture servers) are accessible using an http connection myserver. com and all its subdomains can be accessed using an http connection. (Third party SDK is also subject to ATS rules, so you need to list all third party SDK domains that still use http requests and add them to exceptions.)iOS9
ATS Full Shutdown (NSAllowsArbitraryLoads)
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSAllowsArbitraryLoadsInWebContent</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>myserver.com</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
<key>jpush.cn</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
</dict>
Thank you for reading, hope to help everyone, thank you for your support to this site!