Our app has "allow arbitrary loads" in the "App Transport Security Settings" and generally allows both "http" and "https" connections. I want to restrict basic authentication usage to secure connections only, what is the best way to do that?
I have URLSessionTaskDelegate's:
func urlSession(_ session: URLSession, task: URLSessionTask, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
where I can put the relevant logic, but how do I check if the connection attempt in question is happening over TLS or not? I can check task.currentRequest.url scheme being "http" vs "https", and port being nil vs 80 vs 443, but I hope there is a more robust check.