I was all excited, because--thanks to your answers re WebView--I had a system 
in place to load the contents of the first URL in the selected tweet. Then my 
log showed me "transport security has blocked…" and nothing worked.

I've since discovered that ATS is new in iOS9/OSX10.11 and is meant to force 
you into use HTTPS. Given that I'm just loading whatever URLs happen to be in 
the selected tweet, the vast majority will not be HTTPS and will thus be 
blocked. I can't add trusted domains, if I understand that feature correctly, 
because I have no way of knowing what domains users might load. My only option, 
it seems, is to disable the whole thing by using:

<key>NSAppTransportSecurity</key>
<dict>
  <!--Include to allow all connections (DANGER)-->
  <key>NSAllowsArbitraryLoads</key>
      <true/>
</dict>

(found at 
http://ste.vn/2015/06/10/configuring-app-transport-security-ios-9-osx-10-11/)

However, before I go doing that, does anyone know of a better way? Are there 
security implications I'm overlooking? I don't know what users will do with 
this web view, and yes, some may log into sites or give other sensitive data. 
The primary use case is to look at articles, videos, etc that are tweeted, 
though, and to do that I can't have ATS blocking everything. I'm not sure what 
the best course is here. Thanks.

--
Have a great day,
Alex Hall
mehg...@icloud.com


_______________________________________________

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com

Reply via email to