0

I am using parse.com, layer.com, and my company url for terms/privacy policy, as well as other frameworks in cocoapods like google places api.

I am stuck because I want to use the correct Apple Transport Settings, and I can't seem to figure out how to include all the things I need in the info.plist. I don't want it to get rejected from the app store on submission.

I have done research on stack overflow and people either by passed it or gave an example for one domain. It still isn't clear how I should add this in the xml.

rmaddy
  • 314,917
  • 42
  • 532
  • 579
kareem
  • 903
  • 1
  • 14
  • 36
  • Better find an alternative for parse... – LinusGeffarth Feb 05 '16 at 23:28
  • There are many examples for setting up ATS. Address each one of the domains separately. Keep in mind that you only need to add to ATS for a domain that isn't up-to-date already. – rmaddy Feb 05 '16 at 23:42
  • Linus G. Yes I know, will be doing their migration when more tools become available. And @rmaddy what do you mean "for a domain that isn't up-to-date already" – kareem Feb 06 '16 at 08:55
  • @kareem I mean that not all domains (such as parse.com, etc.) will require anything for ATS. You only need to setup ATS for a domain that doesn't use the proper version of HTTPS/TLS. – rmaddy Feb 06 '16 at 15:11
  • @rmaddy whats the best way to know if it doesnt use the proper HTTPS/TLS ? – kareem Feb 07 '16 at 02:58
  • You know if you can't access the server without an entry for ATS in Info.plist – rmaddy Feb 07 '16 at 03:55

2 Answers2

1

If you know how to add one domain to the exceptions dictionary, then you just do the same for all the others. Here's an example:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>parse.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>                
            <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
            <false/>
        </dict>
        <key>layer.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
            <false/>
        </dict>
        <key>my-company.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
            <false/>
        </dict>
    </dict>
</dict>

Also, the full spec for NSAppTransportSecurity keys can be found here.

Artal
  • 8,933
  • 2
  • 27
  • 30
0

don't worry about the reject things

according to this guys answer

The good news is Apple Accepted my app with NSAllowsArbitraryLoads set to YES.

So in your case the simplest way is to allow all http request in this way, and if your app have built-in web browser, this is definitely your choice 

<key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
  </dict>

If you want to just allow specific http request, then you can add this in your info.plist

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>yourserver.com</key>
    <dict>
      <!--Include to allow subdomains-->
      <key>NSIncludesSubdomains</key>
      <true/>
      <!--Include to allow HTTP requests-->
      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
      <true/>
      <!--Include to specify minimum TLS version-->
      <key>NSTemporaryExceptionMinimumTLSVersion</key>
      <string>TLSv1.1</string>
    </dict>
  </dict>
</dict>

code above says allow yourserver.com and its subdomain http connection

Community
  • 1
  • 1
dispute
  • 1,424
  • 13
  • 17