App TranSport 安全,允许任意加载在升级到 IOS 10.1 后不起作用
App TranSport security, allow arbitrary load not working after upgrade to IOS 10.1
我有一个在 ios 9 和 10.0 中运行良好的应用程序(我已将“允许任意加载 = 是”的应用程序传输安全阻止添加到我的 info.plist。但是在升级到10.1 和 Xcode 8.1 App Transport Security 似乎有问题。我无法连接到服务器。我的服务器最多只支持 TLS 1.1
显示此错误
Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.
可能是 IOS 10.1 忽略 .plist 信息。 (请注意,在 9.3 到 10.0 上它仍然可以正常工作)。
我的 .plist 文件
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>en</string>
<key>CFBundleDisplayName</key>
<string>SingPost</string>
<key>CFBundleExecutable</key>
<string>${EXECUTABLE_NAME}</string>
<key>CFBundleIdentifier</key>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>${PRODUCT_NAME}</string>
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>1.8.7</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleURLSchemes</key>
<array>
<string>fb1540614276180366</string>
</array>
<key>Item 0</key>
<string>fb1540614276180366</string>
</dict>
</array>
<key>CFBundleVersion</key>
<string>1.8.7</string>
<key>FacebookAppID</key>
<string>1540614276180366</string>
<key>FacebookDisplayName</key>
<string>Singpost</string>
<key>LSRequiresIPhoneOS</key>
<true/>
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSAllowsArbitraryLoadsInWebContent</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>prdesb1.singpost.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSTemporaryExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
<key>mobile.singpost.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSTemporaryExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
</dict>
<key>NSCameraUsageDescription</key>
<string>$(PRODUCT_NAME) camera use</string>
<key>NSLocationAlwaysUsageDescription</key>
<string> </string>
<key>NSLocationWhenInUseUsageDescription</key>
<string> </string>
<key>NSPhotoLibraryUsageDescription</key>
<string>$(PRODUCT_NAME) uses photos</string>
<key>UIAppFonts</key>
<array>
<string>OpenSans-Regular.ttf</string>
<string>OpenSans-Bold.ttf</string>
<string>OpenSans-Semibold.ttf</string>
<string>OpenSans-Light.ttf</string>
<string>OpenSans-LightItalic.ttf</string>
</array>
<key>UIBackgroundModes</key>
<array>
<string>remote-notification</string>
</array>
<key>UIRequiredDeviceCapabilities</key>
<array>
<string>armv7</string>
</array>
<key>UIRequiresFullScreen</key>
<true/>
<key>UISupportedInterfaceOrientations</key>
<array>
<string>UIInterfaceOrientationPortrait</string>
</array>
<key>UISupportedInterfaceOrientations~ipad</key>
<array>
<string>UIInterfaceOrientationPortrait</string>
</array>
</dict>
</plist>
我修复了我的添加 exeptiondomain 但在控制台中出现此错误
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802) –
根据建议进行编辑。我将我的 plist 更改为
<key>mobile.singpost.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
<key>mysam.sg</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
通过指定 NSAllowsArbitraryLoadsInWebContent,您将覆盖 iOS 10 上的 NSAllowsArbitraryLoads。
In iOS 10 and later, and macOS 10.12 and later, the value of [the NSAllowsArbitraryLoads] key is ignored if any of the following keys are present in your app’s Info.plist file:
- NSAllowsArbitraryLoadsForMedia
- NSAllowsArbitraryLoadsInWebContent
- NSAllowsLocalNetworking
来源:App Transport Security dictionary primary keys(苹果)
此外,您提供的 NSExceptionDomain 词典似乎与 current documented format 不匹配。具体来说,键不匹配:
NSTemporaryExceptionAllowsInsecureHTTPLoads 应该是 NSExceptionAllowsInsecureHTTPLoads
NSTemporaryExceptionMinimumTLSVersion 应该是 NSExceptionMinimumTLSVersion
NSTemporaryExceptionRequiresForwardSecrecy 应该是 NSExceptionRequiresForwardSecrecy
我有一个在 ios 9 和 10.0 中运行良好的应用程序(我已将“允许任意加载 = 是”的应用程序传输安全阻止添加到我的 info.plist。但是在升级到10.1 和 Xcode 8.1 App Transport Security 似乎有问题。我无法连接到服务器。我的服务器最多只支持 TLS 1.1
显示此错误
Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.
可能是 IOS 10.1 忽略 .plist 信息。 (请注意,在 9.3 到 10.0 上它仍然可以正常工作)。
我的 .plist 文件
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>en</string>
<key>CFBundleDisplayName</key>
<string>SingPost</string>
<key>CFBundleExecutable</key>
<string>${EXECUTABLE_NAME}</string>
<key>CFBundleIdentifier</key>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>${PRODUCT_NAME}</string>
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>1.8.7</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleURLSchemes</key>
<array>
<string>fb1540614276180366</string>
</array>
<key>Item 0</key>
<string>fb1540614276180366</string>
</dict>
</array>
<key>CFBundleVersion</key>
<string>1.8.7</string>
<key>FacebookAppID</key>
<string>1540614276180366</string>
<key>FacebookDisplayName</key>
<string>Singpost</string>
<key>LSRequiresIPhoneOS</key>
<true/>
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSAllowsArbitraryLoadsInWebContent</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>prdesb1.singpost.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSTemporaryExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
<key>mobile.singpost.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSTemporaryExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
</dict>
<key>NSCameraUsageDescription</key>
<string>$(PRODUCT_NAME) camera use</string>
<key>NSLocationAlwaysUsageDescription</key>
<string> </string>
<key>NSLocationWhenInUseUsageDescription</key>
<string> </string>
<key>NSPhotoLibraryUsageDescription</key>
<string>$(PRODUCT_NAME) uses photos</string>
<key>UIAppFonts</key>
<array>
<string>OpenSans-Regular.ttf</string>
<string>OpenSans-Bold.ttf</string>
<string>OpenSans-Semibold.ttf</string>
<string>OpenSans-Light.ttf</string>
<string>OpenSans-LightItalic.ttf</string>
</array>
<key>UIBackgroundModes</key>
<array>
<string>remote-notification</string>
</array>
<key>UIRequiredDeviceCapabilities</key>
<array>
<string>armv7</string>
</array>
<key>UIRequiresFullScreen</key>
<true/>
<key>UISupportedInterfaceOrientations</key>
<array>
<string>UIInterfaceOrientationPortrait</string>
</array>
<key>UISupportedInterfaceOrientations~ipad</key>
<array>
<string>UIInterfaceOrientationPortrait</string>
</array>
</dict>
</plist>
我修复了我的添加 exeptiondomain 但在控制台中出现此错误
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802) –
根据建议进行编辑。我将我的 plist 更改为
<key>mobile.singpost.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
<key>mysam.sg</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
通过指定 NSAllowsArbitraryLoadsInWebContent,您将覆盖 iOS 10 上的 NSAllowsArbitraryLoads。
In iOS 10 and later, and macOS 10.12 and later, the value of [the
NSAllowsArbitraryLoads] key is ignored if any of the following keys are present in your app’s Info.plist file:
- NSAllowsArbitraryLoadsForMedia
- NSAllowsArbitraryLoadsInWebContent
- NSAllowsLocalNetworking
来源:App Transport Security dictionary primary keys(苹果)
此外,您提供的 NSExceptionDomain 词典似乎与 current documented format 不匹配。具体来说,键不匹配:
NSTemporaryExceptionAllowsInsecureHTTPLoads应该是NSExceptionAllowsInsecureHTTPLoadsNSTemporaryExceptionMinimumTLSVersion应该是NSExceptionMinimumTLSVersionNSTemporaryExceptionRequiresForwardSecrecy应该是NSExceptionRequiresForwardSecrecy