iOS ATS configuration for handling internal redirects to HTTP connection

597 views Asked by At

As announced in WWDC 2016, Apple will enforce HTTPS connection for all apps from December end 2016. Although I have added all the HTTP domains to which my app communicates as exceptions in the ATS settings but not sure how to handle one particular case where in if I refer to a HTTP connection added as ATS exception in info.plist which internally redirects to another HTTP connection which is not part of the ATS exceptions added in info.plist. Please suggest.

1

There are 1 answers

0
wottle On

Unfortunately, if you don't know the domains for the destination of the redirects, you will have to disable ATS using the NSAllowsArbitraryLoads key in your info.plist.

Apple will allow you to do this, as long as you have a valid justification. If you are accessing third-party sites that do the redirection, and you do not have control over those sites, that may be a valid justification when you submit the app. What you could do to increase your chances that Apple accepts your justification, is to include exception domains in your info.plist for all the domains that you do know are secure. A combination of NSAllowsArbitraryLoads and exception domains with ATS turned on will at least show Apple that you are trying to be as secure as possible within your app.