为什么无法访问?
Why couldn't access?
我想在 iOS 模拟器上访问公司内部的 https 页面。
可以在 safari 上访问此页面。
但是WKWebView无法访问。
程序报如下错误。
An SSL error has occurred and a secure connection to the server cannot be made.
TLS 版本为 TLSv1.2。
如果我设置 NSAllowsArbitraryLoads,我可以访问。
但是我觉得这样不好。
我的代码如下。
//
// ViewController.swift
// TestClient
//
// Created by 平塚 俊輔 on 2015/12/07.
// Copyright © 2015年 平塚 俊輔. All rights reserved.
//
//1.WebKit Frameworkをimportする
import WebKit
class ViewController: UIViewController, WKNavigationDelegate {
//2.WKWebviewの宣言!
var _webkitview: WKWebView?
override func viewDidLoad() {
super.viewDidLoad()
// Do any additional setup after loading the view, typically from a nib.
//3.WebKitのインスタンス作成!
self._webkitview = WKWebView()
//4.ここでWebKitをviewに紐付け
self.view = self._webkitview!
self._webkitview!.navigationDelegate = self
//5.URL作って、表示させる!
var url = NSURL(string:"https:/******")
var req = NSURLRequest(URL:url!)
self._webkitview!.loadRequest(req)
}
// MARK: WKNavigationDelegate
func webView(webView: WKWebView, didStartProvisionalNavigation navigation: WKNavigation!) {
NSLog("Start")
}
func webView(webView: WKWebView!, didFailNavigation navigation: WKNavigation!, withError error: NSError!) {
NSLog("Failed Navigation %@", error.localizedDescription)
}
func webView(webView: WKWebView!, didFinishNavigation navigation: WKNavigation!) {
// Finish navigation
NSLog("Finish Navigation")
NSLog("Title:%@ URL:%@", webView.title!, webView.URL!)
// Run Javascript(For local)
// webView.evaluateJavaScript("var el=document.getElementById('user');el.style.backgroundColor='yellow';", nil)
}
func webView(webView: WKWebView, didFailProvisionalNavigation navigation: WKNavigation!, withError error: NSError) {
print(error)
}
override func didReceiveMemoryWarning() {
super.didReceiveMemoryWarning()
// Dispose of any resources that can be recreated.
}
}
这是什么问题?
顺便说一句,我可以在真机上访问。
我无法仅在模拟器上访问。
在 iOS9 中,Apple 引入了应用程序传输安全 (ATS),它可以阻止来自 iOS 个应用程序的所有不安全的 HTTP 流量。
要禁用 ATS,您可以按照以下快速步骤操作:右键单击 Info.plist 和 select view as>source code,然后添加以下行:
<key>NSAppTransportSecurity</key>
<dict>
<!--Include to allow all connections (DANGER)-->
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
但这不是推荐的方法。您必须为要访问的域添加例外,例如:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>yourserver.com</key>
<dict>
<!--Include to allow subdomains-->
<key>NSIncludesSubdomains</key>
<true/>
<!--Include to allow HTTP requests-->
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<!--Include to specify minimum TLS version-->
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
您可以在
中找到您需要的所有信息
应用程序传输安全涉及的不仅仅是 HTTPS (TLS)。它还涉及可能允许或不允许的特定类型的密码和证书。
您可以在此处找到详细信息:
Requirements for Connecting Using ATS
The requirements for a web
service connection to use App Transport Security (ATS) involve the
server, connection ciphers, and certificates, as follows:
- Certificates must be signed with one of the following types of keys:
- Secure Hash Algorithm 2 (SHA-2) key with a digest length of at least
256 (that is, SHA-256 or greater)
- Elliptic-Curve Cryptography (ECC)
key with a size of at least 256 bits
- Rivest-Shamir-Adleman (RSA) key
with a length of at least 2048 bits
An invalid certificate results in
a hard failure and no connection.
- The following connection ciphers
support forward secrecy (FS) and work with ATS:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
"good" 选项是重新配置您的服务器以使用适当的密码和证书。否则,您可以针对所有站点或仅针对特定域 and/or 子域全局或更细化地禁用检查。 "tighter" 异常越多越好。
我想在 iOS 模拟器上访问公司内部的 https 页面。 可以在 safari 上访问此页面。 但是WKWebView无法访问。 程序报如下错误。
An SSL error has occurred and a secure connection to the server cannot be made.
TLS 版本为 TLSv1.2。
如果我设置 NSAllowsArbitraryLoads,我可以访问。 但是我觉得这样不好。
我的代码如下。
//
// ViewController.swift
// TestClient
//
// Created by 平塚 俊輔 on 2015/12/07.
// Copyright © 2015年 平塚 俊輔. All rights reserved.
//
//1.WebKit Frameworkをimportする
import WebKit
class ViewController: UIViewController, WKNavigationDelegate {
//2.WKWebviewの宣言!
var _webkitview: WKWebView?
override func viewDidLoad() {
super.viewDidLoad()
// Do any additional setup after loading the view, typically from a nib.
//3.WebKitのインスタンス作成!
self._webkitview = WKWebView()
//4.ここでWebKitをviewに紐付け
self.view = self._webkitview!
self._webkitview!.navigationDelegate = self
//5.URL作って、表示させる!
var url = NSURL(string:"https:/******")
var req = NSURLRequest(URL:url!)
self._webkitview!.loadRequest(req)
}
// MARK: WKNavigationDelegate
func webView(webView: WKWebView, didStartProvisionalNavigation navigation: WKNavigation!) {
NSLog("Start")
}
func webView(webView: WKWebView!, didFailNavigation navigation: WKNavigation!, withError error: NSError!) {
NSLog("Failed Navigation %@", error.localizedDescription)
}
func webView(webView: WKWebView!, didFinishNavigation navigation: WKNavigation!) {
// Finish navigation
NSLog("Finish Navigation")
NSLog("Title:%@ URL:%@", webView.title!, webView.URL!)
// Run Javascript(For local)
// webView.evaluateJavaScript("var el=document.getElementById('user');el.style.backgroundColor='yellow';", nil)
}
func webView(webView: WKWebView, didFailProvisionalNavigation navigation: WKNavigation!, withError error: NSError) {
print(error)
}
override func didReceiveMemoryWarning() {
super.didReceiveMemoryWarning()
// Dispose of any resources that can be recreated.
}
}
这是什么问题?
顺便说一句,我可以在真机上访问。 我无法仅在模拟器上访问。
在 iOS9 中,Apple 引入了应用程序传输安全 (ATS),它可以阻止来自 iOS 个应用程序的所有不安全的 HTTP 流量。
要禁用 ATS,您可以按照以下快速步骤操作:右键单击 Info.plist 和 select view as>source code,然后添加以下行:
<key>NSAppTransportSecurity</key>
<dict>
<!--Include to allow all connections (DANGER)-->
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
但这不是推荐的方法。您必须为要访问的域添加例外,例如:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>yourserver.com</key>
<dict>
<!--Include to allow subdomains-->
<key>NSIncludesSubdomains</key>
<true/>
<!--Include to allow HTTP requests-->
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<!--Include to specify minimum TLS version-->
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
您可以在
应用程序传输安全涉及的不仅仅是 HTTPS (TLS)。它还涉及可能允许或不允许的特定类型的密码和证书。
您可以在此处找到详细信息:
Requirements for Connecting Using ATS
The requirements for a web service connection to use App Transport Security (ATS) involve the server, connection ciphers, and certificates, as follows:
- Certificates must be signed with one of the following types of keys:
- Secure Hash Algorithm 2 (SHA-2) key with a digest length of at least 256 (that is, SHA-256 or greater)
- Elliptic-Curve Cryptography (ECC) key with a size of at least 256 bits
- Rivest-Shamir-Adleman (RSA) key with a length of at least 2048 bits
An invalid certificate results in a hard failure and no connection.
- The following connection ciphers support forward secrecy (FS) and work with ATS:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
"good" 选项是重新配置您的服务器以使用适当的密码和证书。否则,您可以针对所有站点或仅针对特定域 and/or 子域全局或更细化地禁用检查。 "tighter" 异常越多越好。