Using libcurl, I want to make a HTTP request at my Packet Tunnel Provider to a HTTP URL (and not HTTPS).
I tried to do it, and it worked well. However, I expected that I would need to add it to the Extension's plist
NSAppTransportSecurity exceptions.So my question is - do I need to add this value to the plist to be on the safe side? Or I can do what I want at the Extension?
ATS compliance will only be neccessary if you use Apple’s HTTPS APIs, such as NSURLSession. libcurl is not one of these libraries. Having said that I would recommend starting with an exception if you ever plan to use NSURLSession for this domain and then work towards configuring the server you are talking to to enforce HTTPS traffic. That way your traffic is always secure in scenarios where your VPN may or may not be available.
Matt Eaton
DTS Engineering, CoreOS
meaton3 at apple.com
I'm using HTTP so simulate detection of a captive-portal, so there are cases I must use HTTP.
I'll use the exception for the Extension only.
Thanks!