7 Replies
      Latest reply: Jan 3, 2017 4:03 AM by eskimo RSS
      murtaza.saify Level 1 Level 1 (0 points)

        As announced in WWDC 2016, Apple will enforce HTTPS connection for all apps from December end 2016. Although I have added all the HTTP domains to which my app communicates as exceptions in the ATS settings but not sure how to handle one particular case where in if I refer to a HTTP connection added as ATS exception in info.plist which internally redirects to another HTTP connection which is not part of the ATS exceptions in info.plist. Please suggest.

        • Re: iOS ATS configuration for handling internal redirects to HTTP connection
          neal1 Level 1 Level 1 (10 points)

          Can't you just add the domain of the redirect to the ATS exception list?

            • Re: iOS ATS configuration for handling internal redirects to HTTP connection
              jki Level 1 Level 1 (0 points)

              You can add domain to ATS exception list for new app releases but question what happens to the users of existing app release that don't upgrade. Real scenario when website is moved to another domain with redirects from old domain.

                • Re: iOS ATS configuration for handling internal redirects to HTTP connection
                  eskimo Apple Staff Apple Staff (6,765 points)

                  ATS does not have any specific smarts with regards redirects.  From an ATS perspective, each connection is independent and is evaluated on its own merits.


                  murtaza.saify wrote:

                  As announced in WWDC 2016, Apple will enforce HTTPS connection for all apps from December end 2016.

                  Just FYI, this deadline has changed.  See my App Transport Security pinned post for the latest news.


                  jki wrote:

                  … what happens to the users of existing app release that don't upgrade.  Real scenario when website is moved to another domain with redirects from old domain.

                  The best way forward here is to make the new server ATS compliant, which means you don’t need a new ATS exception.

                  Share and Enjoy

                  Quinn “The Eskimo!”
                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                  let myEmail = "eskimo" + "1" + "@apple.com"

                    • Re: iOS ATS configuration for handling internal redirects to HTTP connection
                      murtaza.saify Level 1 Level 1 (0 points)

                      Thanks Eskimo,

                       

                      But how should I handle this particular scenerio in which a HTTP Connection (known to app and domain added to ATS exception) redirects internaly to another HTTP connection (unknown to app and not part of ATS exceptions).

                      Please suggest.

                        • Re: iOS ATS configuration for handling internal redirects to HTTP connection
                          eskimo Apple Staff Apple Staff (6,765 points)

                          But how should I handle this particular scenerio in which a HTTP Connection (known to app and domain added to ATS exception) redirects internaly to another HTTP connection (unknown to app and not part of ATS exceptions).

                          ATS does not have any specific smarts with regards redirects.  The best way forward here is to have each of the servers in question meet ATS’s security requirements.  That’s best for you (there’s nothing to do in your app) and best for your users (they get good security).

                          If you can’t do that then your only option is to add ATS exceptions for all the servers in question.  If you can’t build a list of those serves you’ll need a wide ranging ATS exception (and, once App Review starts enforcing their announced policy, you’ll have to justify that to App Review).

                          Share and Enjoy

                          Quinn “The Eskimo!”
                          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                          let myEmail = "eskimo" + "1" + "@apple.com"