* .apple.com的自动ATS例外?

时间:2016-07-09 01:20:21

标签: ios http app-transport-security

我想知道Apple的示例应用程序(https://developer.apple.com/library/ios/samplecode/sc1791/Introduction/Intro.html)如何能够建立"清除" http连接没有任何App Transport Security异常。我最初认为这是WWDC 2016期间提到的加密HLS的AVFoundation自动例外(讲座706)。但我无法使用我的应用程序重现它。

对* .apple.com的明确http请求似乎有一个自动ATS例外。下面非常简单的ios应用程序代码显示了有趣的结果:

#import "ViewController.h"

@interface ViewController ()

@end

@implementation ViewController

- (void) loadUrl:(NSString*)url {
    NSData* data = [[NSData alloc] initWithContentsOfURL:[NSURL URLWithString:url]];

    if ( data == nil ) {
        NSLog (@"Failed %@", url);
    } else {
        NSLog(@"Success %@", url);
    }
}

- (void)viewDidLoad {
    [super viewDidLoad];
    // Do any additional setup after loading the view, typically from a nib.

    setenv("CFNETWORK_DIAGNOSTICS", "3", 1);

    [self loadUrl:@"http://images.apple.com/v/ipad-pro/d/built/styles/main.built.css"];

    // P.S. images.apple.com = 23.204.108.40
    [self loadUrl:@"http://23.204.108.40/v/ipad-pro/d/built/styles/main.built.css"];

    [self loadUrl:@"http://stackoverflow.com/"];
}

- (void)didReceiveMemoryWarning {
    [super didReceiveMemoryWarning];
    // Dispose of any resources that can be recreated.
}

@end

输出日志为:

2016-07-08 17:58:33.003 test_ats[1392:79179] CFNetwork diagnostics log file created at: /Users/-------/Library/Developer/CoreSimulator/Devices/67E929A8-9487-404B-87C1-35FB38CD67DE/data/Containers/Data/Application/D4D0CA81-889E-4E58-A4F8-DBDDB516AC1B/Library/Logs/CrashReporter/CFNetwork_com.------.test-ats_1392.nwlrb.log
2016-07-08 17:58:33.085 test_ats[1392:79130] Success http://images.apple.com/v/ipad-pro/d/built/styles/main.built.css
2016-07-08 17:58:33.086 test_ats[1392:79189] App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
2016-07-08 17:58:33.086 test_ats[1392:79130] Failed http://23.204.108.40/v/ipad-pro/d/built/styles/main.built.css
2016-07-08 17:58:33.087 test_ats[1392:79130] Failed http://stackoverflow.com/

网络诊断文件显示第一个http请求已通过,另外两个被ATS阻止(如果-1022确实是ATS)

[...]
Response Error
    Request: <CFURLRequest 0x7fa328c4e5c0 [0x10e795a40]> {url = http://23.204.108.40/v/ipad-pro/d/built/styles/main.built.css, cs = 0x0}
      Error: Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"
[...]
Response Error
    Request: <CFURLRequest 0x7fa328c54240 [0x10e795a40]> {url = http://stackoverflow.com/, cs = 0x0}
      Error: Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"
[...]

0 个答案:

没有答案