ios 关于https官方文档

App Transport Security (ATS) enforces best practices in the secure connections between an app and its back end. ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt; it is also on by default in iOS 9 and OS X v10.11. You should adopt ATS as soon as possible, regardless of whether you’re creating a new app or updating an existing one.

If you’re developing a new app, you should use HTTPS exclusively. If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible. In addition, your communication through higher-level APIs needs to be encrypted using TLS version 1.2 with forward secrecy. If you try to make a connection that doesn't follow this requirement, an error is thrown. If your app needs to make a request to an insecure domain, you have to specify this domain in your app's Info.plist file.

========

NSAppTransportSecurity (Dictionary - iOS, macOS) Use this key to describe your app’s intended HTTP connection behavior if you require exceptions from best security practices or you want to enable new security features.

On Apple platforms, a networking security feature called App Transport Security (ATS) is available to apps and app extensions, and is enabled by default. It improves privacy and data integrity by ensuring your app’s network connections employ only industry-standard protocols and ciphers without known weaknesses. This helps instill user trust that your app does not accidentally leak transmitted data to malicious parties.

By configuring this key’s value in your app’s Info.plist file, you can customize the security of your network connections in a variety of ways. You can:

Allow insecure communication with particular servers

Allow insecure loads for web views or for media, while maintaining ATS protections elsewhere in your app

Enable new security features such as Certificate Transparency

The NSAppTransportSecurity key is supported in iOS 9.0 and later and in OS X v10.11 and later, and is available in both apps and app extensions.

Starting in iOS 10.0 and later and in macOS 10.12 and later, the following subkeys are supported:

NSAllowsArbitraryLoadsForMedia

NSAllowsArbitraryLoadsInWebContent

NSRequiresCertificateTransparency

NSAllowsLocalNetworking

Note: There are two “allows arbitrary loads” keys and they employ different naming patterns. Take care to use …ForMedia and …InWebContent correctly.

 应用程序安全运输(ATS)执行最佳实践的安全连接应用程序和后端之间。ATS防止意外披露,提供安全的默认行为,易于采用;也正是通过在iOS 9和OS X v10.11默认。你应该采用ATS尽快,无论你是创建一个新的应用程序或更新现有的。

如果你正在开发一个新的应用程序,你应该使用HTTPS专门。如果你有一个现有的应用程序,你应该使用HTTPS的尽可能多的现在,并创建一个迁移您的应用程序的其余部分尽快计划。

另外,你的沟通通过更高级别的API需要使用TLS 1.2版本与前向保密加密。如果您试图使一个不遵循这一要求的连接,则抛出一个错误。如果你的应用程序需要请求一个不安全的领域,你必须在你的应用程序的Info.plist文件中指定此域。

========

NSAppTransportSecurity(词典iOS、MacOS)使用这个关键,如果你需要从最佳安全实践的例外或您想启用新的安全功能描述你的应用程序的HTTP连接行为。

在苹果的平台,一个网络安全功能称为应用程序的安全运输(ATS)是可用的应用程序和应用程序的扩展,并且是默认启用。它提高了隐私和数据以确保你的应用程序的网络连接使用行业标准协议和密码没有已知的弱点的完整性。这有助于向用户灌输你的应用程序不意外泄漏传输的数据给恶意方的信任。

通过在你的应用程序的Info.plist文件中配置此键的值,您可以自定义你的网络连接的安全性在各种不同的方式。你可以:

允许不安全的通信与特定的服务器

允许Web视图或媒体不安全的负载,同时保持其它ATS保护应用程序

启用新的安全功能,如证书透明性

关键是后来的nsapptransportsecurity在OS X v10.11后来在iOS 9的支持,并可在应用程序和应用程序的扩展。

从iOS 10之后,MacOS 10.12后,下面的子项的支持:

nsallowsarbitraryloadsformedia

nsallowsarbitraryloadsinwebcontent

nsrequirescertificatetransparency

nsallowslocalnetworking

注:有两个“允许任意加载”键,他们采用不同的命名模式。小心使用媒介和inwebcontent正确…。

你可能感兴趣的:(ios 关于https官方文档)