本文翻译自:Transport security has blocked a cleartext HTTP
What setting do I need to put in my info.plist to enable HTTP mode as per the following error message? 根据以下错误消息,我需要在info.plist添加什么设置才能启用HTTP模式?
Transport security has blocked a cleartext HTTP (http://) resource load since it is insecure. 传输安全性由于不安全,阻止了明文HTTP(http://)资源加载。 Temporary exceptions can be configured via your app's Info.plist file. 可以通过应用程序的Info.plist文件配置临时异常。
Assume that my domain is example.com . 假设我的域名是example.com 。
#1楼
参考:https://stackoom.com/question/278mT/传输安全性已阻止明文HTTP
#2楼
See the forum post Application Transport Security? 请参阅论坛中的应用程序传输安全性? . 。
Also the page Configuring App Transport Security Exceptions in iOS 9 and OSX 10.11 . 同样是在iOS 9和OSX 10.11中配置应用程序传输安全例外的页面。
For example, you can add a specific domain like: 例如,您可以添加一个特定域,例如:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>example.com</key>
<dict>
<!--Include to allow subdomains-->
<key>NSIncludesSubdomains</key>
<true/>
<!--Include to allow HTTP requests-->
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<!--Include to specify minimum TLS version-->
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
The lazy option is: 惰性选项是:
<key>NSAppTransportSecurity</key>
<dict>
<!--Include to allow all connections (DANGER)-->
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
Note: 注意:
info.plist is an XML file so you can place this code more or less anywhere inside the file. info.plist是一个XML文件,因此您可以将此代码或多或少地放在文件内的任何位置。
#3楼
Use NSAppTransportSecurity: 使用NSAppTransportSecurity:
You have to set the NSAllowsArbitraryLoads key to YES under NSAppTransportSecurity dictionary in your info.plist file. 您必须将info.plist文件中NSAppTransportSecurity词典下的NSAllowsArbitraryLoads键设置为YES 。
#4楼
This is a quick workaround (but not recommended) to add this in the plist: 这是一个快速的解决方法(但不推荐),可以将其添加到plist中:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
Which means (according to Apple's documentation ): 这意味着(根据Apple的文档 ):
NSAllowsArbitraryLoads NSAllows任意负载
A Boolean value used to disable App Transport Security for any domains not listed in the NSExceptionDomains dictionary. 一个布尔值,用于为未在NSExceptionDomains词典中列出的任何域禁用应用程序传输安全性。 Listed domains use the settings specified for that domain. 列出的域使用为该域指定的设置。The default value of NO requires the default App Transport Security behaviour for all connections. 默认值为NO要求所有连接都具有默认的App Transport Security行为。
I really recommend links: 我真的推荐链接:
- Apple's technical note 苹果的技术说明
- WWDC 2015 session 706 (Security and Your Apps) starts around 1:50 WWDC 2015会话706(安全和您的应用)大约在1:50开始
- WWDC 2015 session 711 (Networking with NSURLSession) WWDC 2015会议711(与NSURLSession联网)
- Blog post Shipping an App With App Transport Security 博客文章运送具有应用程序传输安全性的应用程序
which help me understand reasons and all the implications. 这有助于我理解原因及其所有含义。
The XML (in file Info.plist) below will: 下面的XML(在Info.plist文件中)将:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<false/>
<key>NSExceptionDomains</key>
<dict>
<key>PAGE_FOR_WHICH_SETTINGS_YOU_WANT_TO_OVERRIDE</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
</dict>
disallow arbitrary calls for all pages, but for PAGE_FOR_WHICH_SETTINGS_YOU_WANT_TO_OVERRIDE will allow that connections use the HTTP protocol. 禁止对所有页面进行任意调用,但对PAGE_FOR_WHICH_SETTINGS_YOU_WANT_TO_OVERRIDE允许连接使用HTTP协议。
To the XML above you can add: 您可以在上面的XML中添加:
<key>NSIncludesSubdomains</key>
<true/>
if you want to allow insecure connections for the subdomains of the specified address. 如果要允许指定地址的子域的不安全连接。
The best approach is to block all arbitrary loads (set to false) and add exceptions to allow only addresses we know are fine. 最好的方法是阻止所有任意负载(设置为false),并添加例外以仅允许我们知道可以使用的地址。
For interested readers 对于感兴趣的读者
2018 Update: 2018年更新:
Apple is not recommending switching this off - more information can be found in 207 session WWDC 2018 with more things explained in regards to security 苹果不建议您关闭此功能-可以在207届WWDC 2018中找到更多信息,并在安全方面进行了更多说明
Leaving the original answer for historic reasons and development phase 由于历史原因和发展阶段而留下原始答案
#5楼
This was tested and was working on iOS 9 GM seed - this is the configuration to allow a specific domain to use HTTP instead of HTTPS: 这已经过测试,并且正在iOS 9 GM种子上工作-这是允许特定域使用HTTP而不是HTTPS的配置:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<false/>
<key>NSExceptionDomains</key>
<dict>
<key>example.com</key> <!--Include your domain at this line -->
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
NSAllowsArbitraryLoads must be false , because it disallows all insecure connection, but the exceptions list allows connection to some domains without HTTPS. NSAllowsArbitraryLoads必须为false ,因为它禁止所有不安全的连接,但是例外列表允许连接到某些没有HTTPS的域。
#6楼
Transport security is available on iOS 9.0 or later. 传输安全性在iOS 9.0或更高版本上可用。 You may have this warning when trying to call a WS inside your application: 尝试在应用程序内调用WS时,可能会出现以下警告:
Application Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. 由于应用程序传输安全性不安全,它阻止了明文HTTP(http://)资源加载。 Temporary exceptions can be configured via your app's Info.plist file. 可以通过应用程序的Info.plist文件配置临时异常。
Adding the following to your Info.plist will disable ATS: 将以下内容添加到您的Info.plist中将禁用ATS:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key><true/>
</dict>
