IOS 学习之 App Transport Security(A

ATS

ATS是apple platforms的网络安全功能,在默认情况下是开启的.

如果我们想访问不安全的网络,需要在 info.plist 设置.

NSAppTransportSecurity 支持IOS 9.0 和 以后的版本.

下面是 NSAppTransportSecurity 的结构

NSAppTransportSecurity : Dictionary {
    NSAllowsArbitraryLoads : Boolean
    NSAllowsArbitraryLoadsForMedia : Boolean
    NSAllowsArbitraryLoadsInWebContent : Boolean
    NSAllowsLocalNetworking : Boolean
    NSExceptionDomains : Dictionary {
        <domain-name-string> : Dictionary {
            NSIncludesSubdomains : Boolean
            NSExceptionAllowsInsecureHTTPLoads : Boolean
            NSExceptionMinimumTLSVersion : String
            NSExceptionRequiresForwardSecrecy : Boolean   // Default value is YES
            NSRequiresCertificateTransparency : Boolean
        }
    }
}

domain-name-string 是你将要配置的域用来访问.
NSIncludesSubdomains
If set to YES, applies a named domain’s ATS configuration to all of its subdomains. Default value is NO.

设置 NSIncludsSubdomains 将会应用配置到对应域名下所有子域名.默认是No.

NSExceptionAllowsInsecureHTTPLoads
If set to YES, allows insecure HTTP loads for the named domain, but does not change Transport Layer Security (TLS) requirements and does not affect HTTPS loads for the named domain. Default value is NO.

设置为YES时，将会允许此域名的Http访问。但不会改变App transport security 设置。不会影响HTTPS访问.默认是NO.

NSExceptionMinimumTLSVersion
Specifies the minimum TLS version for network connections for the named domain, allowing connection using an older, less secure version of Transport Layer Security.

声明最小支持的Transport Layer Security 的版本号。

NSExceptionRequiresForwardSecrecy
If set to NO, allows TLS ciphers, for the named domain, that do not support perfect forward secrecy (PFS). Default value is YES.

NSRequiresCertificateTransparency
If set to YES, requires valid, signed Certificate Transparency timestamps for server certificates for the named domain. Default value is NO.

实例

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <false/>
    <key>NSAllowsArbitraryLoadsInWebContent</key>
    <false/>
    <key>NSExceptionDomains</key>
    <dict/>
    <key>http://www.qiniu.com/</key>
    <dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key>
        <true/>
        <key>NSIncludesSubdomains</key>
        <true/>
    </dict>
</dict>