Re: Application Transport Security deadline for iOS apps

What does ATS mean for people using on-rev ? I am not at all familiar with this subject, therefor I have a couple of questions: Will it be a per person thing, do I have to install a cert just for me ? Or will LiveCode do this for all users ? Or will this be implemented into the cPanel ? > > Am

Re: Application Transport Security deadline for iOS apps

LiveCode does use UIWebView. I can’t speak for the team but I would think it’s unlikely we would look at altering that until support for iOS 7 is dropped. Down the track with WKWebView having a common api on Mac 10.10 and iOS 8.0 it would make sense to share code when they are our minimum suppor

Re: Application Transport Security deadline for iOS apps

I needed to use WKWebView not long ago, and started by making a native app test. As far as I could tell Xcode still uses UIWebView for Objective-C projects. I did find a Swift test project, and was able to prove how great WKWebView is. WKWebView requires iOS 8 or later, I think LiveCode still s

Re: Application Transport Security deadline for iOS apps

According to an article on TechRepublic ( http://www.how-to-migrate-to-https-using-app-transport-security-when-developing-ios-apps ) "If you're using WKWebView, an arbitrary conne

Re: Application Transport Security deadline for iOS apps

Paul Dupuis wrote: >>> On 12 Jul 2016, at 6:55 AM, J. Landman Gay wrote: >>> >>> I wonder what happens if your app allows general browsing with, >>> say, a browser widget? > > And this is why I think what Apple is doing - regardless of the > security benefits - is wrong. Someone tell their friend

Re: Application Transport Security deadline for iOS apps

On 7/11/2016 5:21 PM, Monte Goulding wrote: > The browser widget will be blank. > > Sent from my iPhone > >> On 12 Jul 2016, at 6:55 AM, J. Landman Gay wrote: >> >> I wonder what happens if your app allows general browsing with, say, a >> browser widget? > And this is why I think what Apple is d

RE: Application Transport Security deadline for iOS apps

dman Gay Sent: Monday, July 11, 2016 4:56 PM To: How to use LiveCode Subject: Re: Application Transport Security deadline for iOS apps On 7/11/2016 9:31 AM, Mark Waddingham wrote: > Of course, it should be pointed out here that ATS relates to app > developers writing apps *not* general

Re: Application Transport Security deadline for iOS apps

The browser widget will be blank. Sent from my iPhone > On 12 Jul 2016, at 6:55 AM, J. Landman Gay wrote: > > I wonder what happens if your app allows general browsing with, say, a > browser widget? ___ use-livecode mailing list use-livecode@lists.

Re: Application Transport Security deadline for iOS apps

On 7/11/2016 9:31 AM, Mark Waddingham wrote: Of course, it should be pointed out here that ATS relates to app developers writing apps *not* general internet usage through browsers on iOS and Mac devices. i.e. Apple are saying - "if you have control over your servers and such then we expect you to

Re: Application Transport Security deadline for iOS apps

On 2016-07-11 16:43, Richard Gaskin wrote: HTTPS serves two purposes: one is encryption of data in transport, which may or may not be truly necessary. When when a server only hosts publicly-available information it may indeed seem overkill. I'd perhaps suggest that encryption of all internet t

Re: Application Transport Security deadline for iOS apps

Peter TB Brett wrote: On 11/07/2016 15:43, Richard Gaskin wrote: Paul Dupuis wrote: On 7/11/2016 7:05 AM, Peter TB Brett wrote: ... Apple will be requiring ATS for all iOS apps submitted to the app store from the beginning of 2017. ... The "Let's Encrypt" project may be useful. https://let

Re: Application Transport Security deadline for iOS apps

On 11/07/2016 15:43, Richard Gaskin wrote: Paul Dupuis wrote: On 7/11/2016 7:05 AM, Peter TB Brett wrote: ... Apple will be requiring ATS for all iOS apps submitted to the app store from the beginning of 2017. ... The "Let's Encrypt" project may be useful. https://letsencrypt.org/ I reali

Re: Application Transport Security deadline for iOS apps

Paul Dupuis wrote: > On 7/11/2016 7:05 AM, Peter TB Brett wrote: ... >> Apple will be requiring ATS for all iOS apps submitted to the app >> store from the beginning of 2017. ... >> The "Let's Encrypt" project may be useful. https://letsencrypt.org/ > > I realize that LiveCode has no influence ov

Re: Application Transport Security deadline for iOS apps

Having a pass-through would work, it just always amazes me that "increased security" forces work arounds that in the end will decrease it. Forcing a developer to route all traffic through one hole in this manner so that they can actually keep things working basically sets up a huge clearinghouse t

Re: Application Transport Security deadline for iOS apps

On 2016-07-11 16:15, Paul Dupuis wrote: It is good to know that, at least for a time, some way to make exceptions exists. I still think, that all the benefits of HTTPS aside, taking choice away from consumers, is wrong and a "bad" move on Apple's part. They aren't taking the choice away from co

Re: Application Transport Security deadline for iOS apps

You (i.e. a developer who has one of these apps that scrapes from non-hhtp sites) could always provide a "relay" site that took https connections, made the request to the http site and then forwarded the end result. -- Alex. On 11/07/2016 15:13, Paul Dupuis wrote: On 7/11/2016 9:42 AM, Peter

Re: Application Transport Security deadline for iOS apps

On 7/11/2016 9:52 AM, Mark Waddingham wrote: > Of course, Apple will likely become more and more strict over time - > but it sounds like there is still 'plenty' of time for third-party > HTTP-only services to upgrade. I imagine there will be a great deal > less time for web services owned and contr

Re: Application Transport Security deadline for iOS apps

On 7/11/2016 9:42 AM, Peter TB Brett wrote: > If taken to court, I expect Apple would show evidence of the above and > argue that they are taking much-needed steps to ensure users' security > and safety, by making sure that the data the user receives is the same > as the data that was sent, and tha

Re: Application Transport Security deadline for iOS apps

On 2016-07-11 14:25, Paul Dupuis wrote: I realize that LiveCode has no influence over Apple, but this is one of the most bone-headed thing Apple has ever done to it's developers. There are millions of web servers out there without any logins, serving publicly available data or information, that

Re: Application Transport Security deadline for iOS apps

On 11/07/2016 13:25, Paul Dupuis wrote: I truly hope someone sues them over such censorship on 1st amendment (freedom of speech) grounds. According to my recollection of judicial precedent, the 1st Amendment of the US Constitution enjoins state and federal from prior restraint of speech, and

Re: Application Transport Security deadline for iOS apps

On 7/11/2016 7:05 AM, Peter TB Brett wrote: > Hi all, > > Many LiveCode developers currently disable (Application Transport > Security) ATS when deploying to iOS in order to access web resources > over insecure HTTP, rather than HTTPS > > Apple will be requiring ATS for all iOS apps submitted to th