On iOS do I need to do anything extra for App Transport Security (ATS)?

App Transport Security (ATS) is enabled by default for apps linked against the iOS 9.0 or OS X v10.11 SDKs or later, as indicated by the default Boolean value of NO for the NSAllowsArbitraryLoads key. This key is at the root level of the NSAppTransportSecurity dictionary. More details can be found in Apple's docs here:

https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW33 

 

There is nothing extra to do for the xtremepush SDK, as all xtremepush endpoints use HTTPS.

Your own app, however, may still need ATS exceptions for content it loads itself. For example, your app may have to use insecure content from your website in web views and also connect to two of your domains over HTTP. To do this you would define some ATS rules in your plist.

The raw text equivalent is shown below:


<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoadsInWebContent</key>
    <true/>
    <key>NSExceptionDomains</key>
    <dict>
        <key>example1.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
        <key>example2.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>

If you are using xtremepush to display In App messages, you don't need to add anything extra to your plist to allow the In App messages to be displayed.

 

There is only one campaign option to be careful with: linking to a URL and setting it to open In App. This can be set on opening of push notifications and on In App Message button clicks on iOS. For these, do not use an HTTP URL unless loading HTTP URLs for that domain in the app is covered by your App Transport Security settings.

If you really need to link to HTTP URLs, either use open outside app or set NSAllowsArbitraryLoadsInWebContent (Allows Arbitrary Loads in Web Content) to YES under App Transport Security in your plist.
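
As an added example (not xtremepush or Apple code), the Python check below reads a constructed Info.plist fragment and reports whether a URL set to open In App is covered by the ATS rules, and which ATS keys hold a string where a Boolean is expected. The function names are made up for this sketch; it assumes HTTPS URLs meet ATS's TLS requirements and counts only a Boolean true as an exception.

```python
import plistlib
from urllib.parse import urlsplit

# Constructed sample: example2.com carries a string where a Boolean belongs.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>example1.com</key>
    <dict>
      <key>NSIncludesSubdomains</key><true/>
      <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
    </dict>
    <key>example2.com</key>
    <dict>
      <key>NSExceptionAllowsInsecureHTTPLoads</key><string>YES</string>
    </dict>
  </dict>
</dict>
</dict></plist>"""

GLOBAL_KEYS = ("NSAllowsArbitraryLoads", "NSAllowsArbitraryLoadsInWebContent")
DOMAIN_KEYS = ("NSIncludesSubdomains", "NSExceptionAllowsInsecureHTTPLoads")

def load_ats(plist_bytes):
    """Return the NSAppTransportSecurity dictionary (empty if absent)."""
    return plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})

def mistyped_keys(ats):
    """List ATS keys that should be Boolean but hold another type."""
    bad = [k for k in GLOBAL_KEYS if k in ats and not isinstance(ats[k], bool)]
    for domain, rule in ats.get("NSExceptionDomains", {}).items():
        bad += [f"{domain}/{k}" for k in DOMAIN_KEYS
                if k in rule and not isinstance(rule[k], bool)]
    return bad

def in_app_load_allowed(ats, url):
    """True if the plist rules cover loading this URL in an in-app web view.
    Assumption of this checker: only a real Boolean true grants an exception."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        return parts.scheme == "https"
    if any(ats.get(k) is True for k in GLOBAL_KEYS):
        return True
    host = (parts.hostname or "").lower()
    for domain, rule in ats.get("NSExceptionDomains", {}).items():
        d = domain.lower()
        hit = host == d or (rule.get("NSIncludesSubdomains") is True
                            and host.endswith("." + d))
        if hit and rule.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            return True
    return False
```

Running it over campaign URLs before they are saved catches HTTP links that would need open outside app instead.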

Trying to load an HTTP URL within the app that is not listed in the ATS settings will lead to warning messages.

 

Note: Given the clampdown on arbitrary content loads in In App web views, we will deprecate the In App web view in Q1 2017. The same functionality is now provided by Safari when opening outside the app on iOS (linking back to the app via "Back to App").

 

 

 

 

 

 

 

 
