ATS设置
按照惯例写一个UIWebView,用来加载网页:
_webView = [[UIWebView alloc] initWithFrame:CGRectMake(0, 0, self.view.frame.size.width, self.view.frame.size.height)];
_webView.delegate = self;
[self.view addSubview:_webView];
NSURL *url = [NSURL URLWithString:@"https://github.com/"];
_request = [NSURLRequest requestWithURL:url];
[_webView loadRequest:_request];
run一下看看加载出来了吗?如果发现屏幕一片白并没有出现网页内容,不要惊讶,看看你的控制台是不是报出以下错误:
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)
这个怎么解决呢?没错ATS设置:去plist文件里添加一项App Transport Security Settings,它是个字典类型,给它增加一对键值,键:Allow Arbitrary Loads ,值设为YES。
以上,搞定ATS设置,网页成功加载了:
Simulator Screen Shot.png
如果你的网页是self signed website,那么你的屏幕应该还是一片白,并且控制台又报错:
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
注意:这两次错误并不是一样的,后面数字代码不同
(并不太清楚这个码代表的意思,有知道的朋友请留言告知,感谢。)
NSURLConnection
使用webview加载自签名https站点的时候,必须在请求的时候将该站点设置为安全的,才能继续访问。所以我们需要在webview开始加载网页的时候首先判断判断该站点是不是https站点,如果是的话,先让他暂停加载,用NSURLConnection 来访问改站点,然后再身份验证的时候,将该站点置为可信任站点。然后在用webview重新加载请求。
直接上代码:
#pragma mark - UIWebViewDelegate
// Note: This method is particularly important. As the server is using a self signed certificate,
// we cannot use just UIWebView - as it doesn't allow for using self-certs. Instead, we stop the
// request in this method below, create an NSURLConnection (which can allow self-certs via the delegate methods
// which UIWebView does not have), authenticate using NSURLConnection, then use another UIWebView to complete
// the loading and viewing of the page. See connection:didReceiveAuthenticationChallenge to see how this works.
- (BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request navigationType:(UIWebViewNavigationType)navigationType;
{
NSLog(@"Did start loading: %@ auth:%d", [[request URL] absoluteString], _authenticated);
if (!_authenticated) {
_authenticated = NO;
_urlConnection = [[NSURLConnection alloc] initWithRequest:_request delegate:self];
[_urlConnection start];
return NO;
}
return YES;
}
#pragma mark - NURLConnection delegate
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge;
{
NSLog(@"WebController Got auth challange via NSURLConnection");
if ([challenge previousFailureCount] == 0)
{
_authenticated = YES;
NSURLCredential *credential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
[challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
} else
{
[[challenge sender] cancelAuthenticationChallenge:challenge];
}
}
// We use this method is to accept an untrusted site which unfortunately we need to do, as our PVM servers are self signed.
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{
return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
}
#pragma mark - NSURLConnectionDataDelegate
- (void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response;
{
NSLog(@"WebController received response via NSURLConnection");
// remake a webview call now that authentication has passed ok.
_authenticated = YES;
[_web loadRequest:_request];
// Cancel the URL connection otherwise we double up (webview + url connection, same url = no good!)
[_urlConnection cancel];
}
以上设置,可成功加载自签名网页。
但是,虽然加载成功,但是控制台还是报了以下错误:
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)
最后
推荐参考链接:
stackoverflow Q1
stackoverflow Q2
网友评论