Some Thoughts on iOS10 ATS Configuration
ATS cannot restrict IP addresses
Assume that the api to be called is /foo/bar/doSth
- If the server address is, /foo/bar/doSth will be intercepted by ATS because it is unsafe
- If the server address is 221.233.20.115:9090, then http://221.233.20.115:9090/foo/bar/doSth will not be intercepted by ATS, even if it is using the http protocol
- This is also mentioned in my other translation article Apple Document Translation iOS10 NSAppTransportSecurity
Third-party SDKs also need to comply with ATS rules
That is, third-party SDKs also have the risk of being filtered by ATS. Currently known are:
- aurora
- Youmeng
- Baidu Map
Configuration example
The following examples are configured as follows:
iOS10
- Web View can load any content (NSAllowsArbitraryLoadsInWebContent)
- All its subdomains (for example, API and image server) can be accessed using http connection
- All its subdomains can be accessed using http connection (third-party SDKs also need to comply with ATS rules, so they need to list all third-party SDK domains that still use http requests and add them to exceptions)
iOS9
ATS is completely shut down (NSAllowsArbitraryLoads)
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSAllowsArbitraryLoadsInWebContent</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key></key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
<key></key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
</dict>
Thank you for reading, I hope it can help you. Thank you for your support for this site!