原本苹果定于2017.01.01后苹果审核将要限制HTTP请求,需要广大开发者提前做好准备。现在又说要延后了。
To give you additional time to prepare, this deadline has been extended and we will provide another update when a new deadline is confirmed
NSAppTransportSecurity (Dictionary - iOS, macOS) Use this key to describe your app’s intended HTTP connection behavior if you require exceptions from best security practices or you want to enable new security features.
The NSAppTransportSecurity key is supported in iOS 9.0 and later and in OS X v10.11 and later, and is available in both apps and app extensions.
//检测服务器支持的TSL版本 v1.2
> /usr/bin/nscurl --ats-diagnostics https://apple.com
这里分为三种情况
- 第一种、服务端全部域名支持HTTPS。且HTTPS证书符合苹果要求。
这一种最简单,在对应target的info.plist中添加NSAppTransportSecurity的key,value 设置为NO,
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<false/>
</dict>
- 第二种、服务端部分域名支持HTTPS。且HTTPS证书符合苹果要求。另外一部分不支持。这种情况可以前后端配合统计出相应的域名,并添加到例外。
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>tcv.ielpm.cn</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
<key>NSAllowsArbitraryLoads</key>
<false/>
</dict>
- 第三种、除了WebView的请求域名不知道是否支持HTTPS,其他业务域名全部支持。这种情况就要配置NSAllowsArbitraryLoadsInWebContent设置值为YES。但是设置了这个值NSAllowsArbitraryLoads就不起作用了
(If you add this key to your Info.plist file, then, irrespective of the value of the key, ATS ignores the value of the NSAllowsArbitraryLoads key.)
还有一个问题,这个key是支持iOS 10以后,那要适配老板本怎么办?文档给出的方法是同时设置
NSAllowsArbitraryLoads = YES和
NSAllowsArbitraryLoadsInWebContent = YES
(To support older versions of iOS and macOS, you can employ this key and still manually configure ATS. To do so, set this key’s value to YES and also configure the NSAllowsArbitraryLoads subkeys.)
很多公司测试环境都是HTTP请求,生产环境才是HTTPS。开发时这样设置
//单独设置
NSAllowsArbitraryLoads = YES //可以访问。
//设置两个
NSAllowsArbitraryLoads = YES && NSAllowsArbitraryLoadsInWebContent = YES //webView之外的无法访问
怎么解决这个问题?我现在没有好办法,只能发包之前再改。希望大神们指点迷津!
-
最后提交审核。
当这些值设置为YES时,审核时需要描述缘由。
20161223@2x.png
网友评论