We’ll be migrating to the new iOS build servers
this Sunday & this does entail one major thing you need to be aware of. With the new version of xcode http
URL’s are blocked by Apple. We
blogged about this a while back but this bares repeating as it’s something a lot of you will start running into.
To get an overview of the issue check out
this article or
the actual document from Apple.
In a nutshell http URL’s are no longer supported by Apple to facilitate proper security.
You can disable this block by using the build hint
ios.plistInject=<key>NSAppTransportSecurity</key><dict><key>NSAllowsArbitraryLoads</key><true/></dict>
but if you don’t have a good reason to do this Apple will reject your app and won’t let you ship your app
thru the appstore.
Be sure to update your apps!
Starting with this update our simulator will print out a warning every time you try to connect to an HTTP URL
to help you detect the cases where you do so. Hopefully this will make the migration to the new servers smoother.
3 Comments
So HttpS will be fine right?
That’s the goal. To force apps to use proper https sites and proper security.
I understand the logic here. In a browser you can see the lock icon on the top left and know if you are submitting to a secure website. In an app there is no such indication.
ATS minimum defaults: HTTPS + TLS 1.2 + FS
[https://developer.apple.com…](https://developer.apple.com/library/ios/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html)
So far we haven’t been flagged for enabling arbitrary loads support with our banking apps, but I’m sure Apple will start clamping down soon.