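App Transport Security not working with .ninja domains (Swift2 / XCode7)

Time: 2015-10-10 21:05:08

Tags: ios xcode ios9 xcode7 app-transport-security

Using XCode7 / Swift2 and trying to load a web page, I keep getting blocked by App Transport Security (ATS). The reason seems to be that ATS does not work with the .ninja web extension.

Meaning, you can add an exception for domains.com and then access this site in a web view. However, you cannot add an exception for domains.ninja, even though it is a valid URL. I have tested this thoroughly.

Right now, the only way I can load content from somewebsite.ninja is to turn ATS off completely in the Info.plist file (NSAppTransportSecurity > NSAllowsArbitraryLoads > YES), but I know this is not the right way to do things. I am also concerned that this could cause problems when I submit the app to the App Store.

Does anyone know how to add an ATS exception for a .ninja domain?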

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>domains.com</key>
        <dict>
            <key>NSTemporaryExceptionMinimumTLSVersion</key>
            <string>TLSv1.1</string>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
        <key>domains.ninja</key>
        <dict>
            <key>NSTemporaryExceptionMinimumTLSVersion</key>
            <string>TLSv1.1</string>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>

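The above will allow you to load domains.com in a web view but not domains.ninja, even though the keys/options are exactly the same apart from the domain extension.

1 Answer:

Answer 0: (score: 1)

I was able to load a domains.ninja page in a UIWebView, but I had to include all the other domains the page references: various analytics, CDN and tracking sites.

My info.plist excerpt is: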

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>domains.ninja</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
        <key>www.geoplugin.net</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
        <key>marketo.net</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
        <key>googleapis.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
        <key>netdna.bootstrapcdn.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
        <key>www.google-analytics.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
        <key>mktoresp.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
        <key>gstatic.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>

So in the end it may be simpler to just turn ATS off and add exceptions for the domains that do support TLS.
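
The answer's point, that every plain-HTTP host a page references needs its own ATS exception, can be checked before shipping. The following is an added example, not code from the question or the answer: it parses an Info.plist, applies the exact-match and `NSIncludesSubdomains` rules, and lists the `http://` hosts in a page that no exception covers. The function names, the sample plist and the sample HTML are constructed for illustration; it only sees static `src`/`href` attributes, and it assumes either insecure-HTTP key shown on this page grants the exception.

```python
import plistlib
import re
from urllib.parse import urlparse

# Both key names appear in the Info.plist excerpts on this page.
INSECURE_KEYS = ("NSExceptionAllowsInsecureHTTPLoads",
                 "NSThirdPartyExceptionAllowsInsecureHTTPLoads")

def http_exceptions(info_plist):
    """Map each exception domain that permits plain HTTP to its NSIncludesSubdomains flag."""
    ats = plistlib.loads(info_plist).get("NSAppTransportSecurity", {})
    out = {}
    for domain, opts in ats.get("NSExceptionDomains", {}).items():
        if any(opts.get(k) is True for k in INSECURE_KEYS):
            out[domain.lower()] = bool(opts.get("NSIncludesSubdomains", False))
    return out

def is_covered(host, exceptions):
    """True if host equals an exception domain, or is a subdomain of one that includes subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or (subs and host.endswith("." + d))
               for d, subs in exceptions.items())

def blocked_http_hosts(info_plist, html):
    """Hosts referenced over http:// in src/href attributes that no exception covers."""
    exceptions = http_exceptions(info_plist)
    urls = re.findall(r'(?:src|href)\s*=\s*["\'](http://[^"\']+)', html, re.I)
    hosts = {urlparse(u).hostname for u in urls}
    return sorted(h for h in hosts if h and not is_covered(h, exceptions))

# Constructed sample inputs (not taken from a real app or site).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>NSAppTransportSecurity</key><dict>
  <key>NSExceptionDomains</key><dict>
    <key>domains.ninja</key><dict>
      <key>NSIncludesSubdomains</key><true/>
      <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
    </dict>
  </dict>
</dict></dict></plist>"""
SAMPLE_HTML = """<html><head>
<link href="http://netdna.bootstrapcdn.com/css/site.css" rel="stylesheet">
<script src="http://www.google-analytics.com/ga.js"></script>
<script src="https://ajax.googleapis.com/lib.js"></script>
</head><body><img src="http://www.domains.ninja/logo.png"></body></html>"""

if __name__ == "__main__":
    print(blocked_http_hosts(SAMPLE_PLIST, SAMPLE_HTML))
```

Hosts already served over HTTPS are ignored, so the output is the list of domains that would still need either an exception or a move to TLS.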