> On Dec 4, 2017, at 4:11 PM, Tom Pusateri <[email protected]> wrote:
> 
>> 
>> On Dec 4, 2017, at 3:44 PM, Daniel Jalkut <[email protected]> wrote:
>> 
>> I’ve proactively configured ATS in my app so that domains I expect to always 
>> support HTTPS are required to use it. One of the domains I’ve configured in 
>> this way is “wordpress.com”.
>> 
>> I’m seeing a puzzling behavior in which an NSURLSession data task fails with 
>> -1022 (NSURLErrorAppTransportSecurityRequiresSecureConnection) when I try to 
>> load:
>> 
>> http://sweatershots.wordpress.com/
>> 
>> But succeeds when I try to load:
>> 
>> http://sweatertest.wordpress.com/
>> 
>> I can’t make any sense of it. The only thing to note about the failing URL 
>> is that it was a new subdomain just registered at WordPress.com today. The 
>> succeeding one is a URL that I have worked with from this app for a long 
>> time.
>> 
>> Does the ATS system provide some kind of courtesy grandfathering for 
>> specific subdomains? What else would explain this? 
>> 
>> By the way, I am setting a cache policy to ignore local cache, so I don’t 
>> think it’s anything like that.
>> 
>> Daniel
> 
> There is an exception list for ATS in the Info.plist. Would 
> sweatertest.wordpress.com be listed there?
> 
> Unless an http URL is in the exception list, it will always fail. (See 
> NSExceptionDomains)
> 
> https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW33
> 
> Tom
> 

The docs don’t match my recollection of how this worked, but I did use this for 
a while with success to allow http to these two sites and require https otherwise:

        <key>NSAppTransportSecurity</key>
        <dict>
                <key>NSExceptionDomains</key>
                <dict>
                        <key>dnsalias.net</key>
                        <dict>
                                <key>NSIncludesSubdomains</key>
                                <true/>
                                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                                <true/>
                        </dict>
                        <key>meetecho.com</key>
                        <dict>
                                <key>NSIncludesSubdomains</key>
                                <true/>
                                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                                <true/>
                        </dict>
                </dict>
        </dict>

Tom
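
Added example, not part of the original message and not Apple's code: a Python audit that reads an Info.plist's ATS dictionary and reports which exception entry covers a host and whether plain HTTP would be allowed. The sample plist is constructed from the dictionary in the message above; the function names are hypothetical, and the matching rule (exact entry first, then nearest parent with NSIncludesSubdomains, HTTPS required when a listed domain has no insecure-load key) is a simplified model assumed here.

```python
import plistlib

# Constructed sample: the exception dictionary from the message, wrapped in a plist.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSExceptionDomains</key>
    <dict>
      <key>dnsalias.net</key>
      <dict><key>NSIncludesSubdomains</key><true/>
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key><true/></dict>
      <key>meetecho.com</key>
      <dict><key>NSIncludesSubdomains</key><true/>
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key><true/></dict>
    </dict>
  </dict>
</dict></plist>"""

INSECURE_KEYS = ("NSExceptionAllowsInsecureHTTPLoads",
                 "NSTemporaryExceptionAllowsInsecureHTTPLoads")

def load_ats(plist_bytes):
    """Return the NSAppTransportSecurity dictionary (empty if absent)."""
    return plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})

def matching_exception(ats, host):
    """Assumed model: exact entry first, then nearest parent with NSIncludesSubdomains."""
    domains = ats.get("NSExceptionDomains", {})
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        entry = domains.get(name)
        if entry is not None and (i == 0 or entry.get("NSIncludesSubdomains", False)):
            return name, entry
    return None

def allows_cleartext(ats, host):
    """True if this configuration would let plain http:// loads to host through."""
    match = matching_exception(ats, host)
    if match is None:  # no per-domain entry: the app-wide setting decides
        return bool(ats.get("NSAllowsArbitraryLoads", False))
    # A listed domain without an insecure-load key is assumed to require HTTPS.
    return any(match[1].get(key, False) for key in INSECURE_KEYS)

if __name__ == "__main__":
    ats = load_ats(SAMPLE_PLIST)
    for host in ("dnsalias.net", "foo.dnsalias.net", "sweatershots.wordpress.com"):
        print(host, matching_exception(ats, host), allows_cleartext(ats, host))
```

Running it over every host an app contacts gives a quick list of where cleartext is still permitted by configuration.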

