如何在 iOS 9 中启用应用传输安全性加载 HTTP URL?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/30731785/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do I load an HTTP URL with App Transport Security enabled in iOS 9?
提问by Graeme Mathieson
So, the new beta SDK of iOS released last night has "App Transport Security" which encourages developers to use https instead of http. In principle, this is a great idea, and I already use https in our staging/production environments. However, I don't have https set up in my local development environment, when the iOS app is connecting to a web service I'm running on my laptop.
所以,昨晚发布的iOS新Beta SDK有“App Transport Security”,鼓励开发者使用https而不是http。原则上,这是一个好主意,我已经在我们的临时/生产环境中使用了 https。但是,当 iOS 应用程序连接到我在笔记本电脑上运行的 Web 服务时,我没有在本地开发环境中设置 https。
From a bit of playing around this morning, it appears that the URL loading system will, even if you hand it an http URL, decide to use https instead. Does anyone know how to disable this behaviour -- even just for particular URLs?
从今天早上的一些玩意来看,URL 加载系统似乎会决定使用 https,即使您给它一个 http URL。有谁知道如何禁用这种行为——即使只是针对特定的 URL?
回答by adurdin
See Apple's Info.plist referencefor full details (thanks @gnasher729).
有关完整详细信息,请参阅 Apple 的Info.plist 参考(感谢 @gnasher729)。
You can add exceptions for specific domains in your Info.plist:
您可以在 Info.plist 中为特定域添加例外:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>testdomain.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>
<key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
<false/>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<true/>
<key>NSThirdPartyExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>
<key>NSRequiresCertificateTransparency</key>
<false/>
</dict>
</dict>
</dict>
All the keys for each excepted domain are optional. The speaker did not elaborate on any of the keys, but I think they're all reasonably obvious.
每个例外域的所有密钥都是可选的。演讲者没有详细说明任何键,但我认为它们都相当明显。
(Source: WWDC 2015 session 703, “Privacy and Your App”, 30:18)
(来源:WWDC 2015 session 703,“隐私和你的应用”,30:18)
You can also ignore all app transport security restrictions with a single key, if your app has a good reason to do so:
如果您的应用有充分的理由这样做,您还可以使用单个密钥忽略所有应用传输安全限制:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
If your app does not have a good reason, you may risk rejection:
如果您的应用没有充分的理由,您可能会面临被拒绝的风险:
Setting NSAllowsArbitraryLoads to true will allow it to work, but Apple was very clear in that they intend to reject apps who use this flag without a specific reason. The main reason to use NSAllowsArbitraryLoads I can think of would be user created content (link sharing, custom web browser, etc). And in this case, Apple still expects you to include exceptions that enforce the ATS for the URLs you are in control of.
If you do need access to specific URLs that are not served over TLS 1.2, you need to write specific exceptions for those domains, not use NSAllowsArbitraryLoads set to yes. You can find more info in the NSURLSesssion WWDC session.
Please be careful in sharing the NSAllowsArbitraryLoads solution. It is not the recommended fix from Apple.
将 NSAllowsArbitraryLoads 设置为 true 将允许它工作,但 Apple 非常清楚,他们打算拒绝使用此标志的应用程序,而没有特定原因。我能想到的使用 NSAllowsArbitraryLoads 的主要原因是用户创建的内容(链接共享、自定义 Web 浏览器等)。在这种情况下,Apple 仍然希望您包含对您控制的 URL 强制执行 ATS 的例外情况。
如果您确实需要访问不通过 TLS 1.2 提供服务的特定 URL,您需要为这些域编写特定的例外,而不是使用设置为 yes 的 NSAllowsArbitraryLoads。您可以在 NSURLSession WWDC 会话中找到更多信息。
请小心分享 NSAllowsArbitraryLoads 解决方案。这不是 Apple 推荐的修复方法。
— kcharwood(thanks @marco-tolman)
- kcharwood(感谢@marco-tolman)
回答by Akshay Sunderwani
As accepted answer has provided required info, and for more info about using and disabling App Transport Security one can find more on this.
由于接受的答案提供了所需的信息,有关使用和禁用 App Transport Security 的更多信息,可以在此找到更多信息。
For Per-Domain Exceptions add these to the Info.plist:
对于每域异常,将这些添加到Info.plist:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>yourserver.com</key>
<dict>
<!--Include to allow subdomains-->
<key>NSIncludesSubdomains</key>
<true/>
<!--Include to allow HTTP requests-->
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<!--Include to specify minimum TLS version-->
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
But What If I Don't Know All the Insecure Domains I Need to Use?Use following key in your Info.plist
但是如果我不知道我需要使用的所有不安全域怎么办?在您的Info.plist 中使用以下键
<key>NSAppTransportSecurity</key>
<dict>
<!--Include to allow all connections (DANGER)-->
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
回答by Manab Kumar Mal
Followed this.
跟着这个。
I have solved it with adding some key in info.plist. The steps I followed are:
我已经通过在 info.plist 中添加一些键来解决它。我遵循的步骤是:
Opened my Projects
info.plistfileAdded a Key called
NSAppTransportSecurityas aDictionary.- Added a Subkey called
NSAllowsArbitraryLoadsasBooleanand set its value toYESas like following image.
打开我的项目
info.plist文件增加了一个名为关键
NSAppTransportSecurity的Dictionary。- 添加了一个名为
NSAllowsArbitraryLoadsas的子项Boolean并将其值设置YES为如下图所示。
Clean the Project and Now Everything is Running fine as like before.
清理项目,现在一切都像以前一样正常运行。
Ref Link.
参考链接。
回答by Ian
If you just want to disable App Transport Policy for local dev servers then the following solutions work well. It's useful when you're unable, or it's impractical, to set up HTTPS (e.g. when using the Google App Engine dev server).
如果您只想禁用本地开发服务器的应用程序传输策略,那么以下解决方案效果很好。当您无法设置 HTTPS 或设置 HTTPS 不切实际时(例如,在使用 Google App Engine 开发服务器时),它会很有用。
As others have said though, ATP should definitely not be turned off for production apps.
正如其他人所说,绝对不应该为生产应用程序关闭 ATP。
1) Use a different plist for Debug
1) 使用不同的 plist 进行调试
Copy your Plist file and NSAllowsArbitraryLoads. Use this Plist for debugging.
复制您的 Plist 文件和 NSAllowsArbitraryLoads。使用此 Plist 进行调试。
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
2) Exclude local servers
2) 排除本地服务器
Alternatively, you can use a single plist file and exclude specific servers. However, it doesn't look like you can exclude IP 4 addressesso you might need to use the server name instead (found in System Preferences -> Sharing, or configured in your local DNS).
或者,您可以使用单个 plist 文件并排除特定服务器。但是,您似乎无法排除 IP 4 地址,因此您可能需要改用服务器名称(在系统偏好设置 -> 共享中找到,或在本地 DNS 中配置)。
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>server.local</key>
<dict/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
回答by Avinash651
I have solved as plist file.
我已经解决了 plist 文件。
- Add a NSAppTransportSecurity : Dictionary.
- Add Subkey named " NSAllowsArbitraryLoads " as Boolean : YES
- 添加 NSAppTransportSecurity : 字典。
- 将名为“NSAllowsArbitraryLoads”的子项添加为布尔值:YES
回答by Damien Romito
Configurations above didn't work for me. I tried a lot of combinations of keys, this one work fine:
上面的配置对我不起作用。我尝试了很多键组合,这个很好用:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>mydomain.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
</dict>
回答by Aqib Mumtaz
Compiling answers given by @adurdin and @User
编译@adurdin 和@User 给出的答案
Add followings to your info.plist & change localhost.comwith your corresponding domain name, you can add multiple domains as well:
将以下内容添加到您的 info.plist 并更改localhost.com为您对应的域名,您也可以添加多个域:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>localhost.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<false/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<false/>
<key>NSExceptionRequiresForwardSecrecy</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>
<key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
<false/>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<true/>
<key>NSThirdPartyExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>
<key>NSRequiresCertificateTransparency</key>
<false/>
</dict>
</dict>
</dict>
</plist>
You info.plist must looks like this:
你 info.plist 必须是这样的:
回答by 0yeoj
Here's what worked for me:
以下是对我有用的内容:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<false/>
<key>NSExceptionDomains</key>
<dict>
<key><!-- your_remote_server.com / localhost --></key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<true/>
</dict>
<!-- add more domain here -->
</dict>
</dict>
I just wanna add this to help others and save some time:
我只是想添加这个来帮助别人并节省一些时间:
if you are using: CFStreamCreatePairWithSocketToHost. make sure your hostis the same with what you have in your .plistor if you have separate domain for socket just add it there.
如果您正在使用:CFStreamCreatePairWithSocketToHost。确保您host的与您拥有的相同,.plist或者如果您有单独的套接字域,只需将其添加到那里。
CFStreamCreatePairWithSocketToHost(NULL, (__bridge CFStringRef)/*from .plist*/, (unsigned int)port, &readStream, &writeStream);
Hope this is helpful. Cheers. :)
希望这是有帮助的。干杯。:)
