I was all excited, because--thanks to your answers re WebView--I had a system
in place to load the contents of the first URL in the selected tweet. Then my
log showed me "transport security has blocked…" and nothing worked.
I've since discovered that ATS is new in iOS9/OSX10.11 and is meant to force
you into use HTTPS. Given that I'm just loading whatever URLs happen to be in
the selected tweet, the vast majority will not be HTTPS and will thus be
blocked. I can't add trusted domains, if I understand that feature correctly,
because I have no way of knowing what domains users might load. My only option,
it seems, is to disable the whole thing by using:
<key>NSAppTransportSecurity</key>
<dict>
<!--Include to allow all connections (DANGER)-->
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
(found at
http://ste.vn/2015/06/10/configuring-app-transport-security-ios-9-osx-10-11/)
However, before I go doing that, does anyone know of a better way? Are there
security implications I'm overlooking? I don't know what users will do with
this web view, and yes, some may log into sites or give other sensitive data.
The primary use case is to look at articles, videos, etc that are tweeted,
though, and to do that I can't have ATS blocking everything. I'm not sure what
the best course is here. Thanks.
--
Have a great day,
Alex Hall
mehg...@icloud.com
_______________________________________________
Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com
This email sent to arch...@mail-archive.com
