简体繁体 English

禁用App Transport Security和潜在的下级客户端中断

[英]Disabling App Transport Security and potential down-level client breaks

原文 2016-10-19 11:10:57 4 1 ios/ objective-c/ swift/ security/ secure-transport

In my current application I've disabled the App Transport Security (ATS) , by making the flag Allow Arbitrary Loads as YES. 在我当前的应用程序中，我已禁用App Transport Security（ATS），方法是将Allow Arbitrary Loads标志设置为YES。 Now I'm adopting ATS ie latest version of my application will be adopted ATS. 现在我采用ATS，即我的应用程序的最新版本将采用ATS。

My Question is for the users who are having my old version application will work after end of this year ? 我的问题是那些使用我的旧版本应用程序的用户将在今年年底之后工作吗？

Thanks in advance. 提前致谢。

1 个解决方案

If your app does not have a specific reason, you may risk rejection: 如果您的应用没有特定原因，则可能会遭到拒绝：

Setting NSAllowsArbitraryLoads to true will allow it to work, but Apple was very clear in that they intend to reject apps who use this flag without a specific reason. 将NSAllowsArbitraryLoads设置为true将允许它工作，但Apple非常清楚，他们打算拒绝使用此标志的应用程序而没有特定原因。 The main reason to use NSAllowsArbitraryLoads I can think of would be user created content (link sharing, custom web browser, etc). 使用NSAllowsArbitraryLoads我可以想到的是用户创建的内容（链接共享，自定义Web浏览器等）。 And in this case, Apple still expects you to include exceptions that enforce the ATS for the URLs you are in control of. 在这种情况下，Apple仍然希望您包含对您控制的URL强制执行ATS的例外情况。

If you do need access to specific URLs that are not served over TLS 1.2, you need to write specific exceptions for those domains, not use NSAllowsArbitraryLoads set to YES . 如果确实需要访问未通过TLS 1.2提供的特定URL，则需要为这些域编写特定的例外，而不是使用设置为YES NSAllowsArbitraryLoads 。 You can find more info in the NSURLSesssion WWDC session . 您可以在NSURLSesssion WWDC会话中找到更多信息。

Please be careful in sharing the NSAllowsArbitraryLoads solution. 请小心共享NSAllowsArbitraryLoads解决方案。 It is not the recommended fix from Apple. 这不是Apple的推荐修复。