App Transport Security

  1. 3 months ago

    C T

    Jan 8 Ontario, Canada

    I just updated to Xojo 2018r4 and followed the blog on App Transport Security as I was updating an old app. The general waiver in info.plist

    <key>NSAppTransportSecurity</key>
    <dict>
      <!-- Include to allow all connections; avoid if possible -->
      <key>NSAllowsArbitraryLoads</key>
      <true/>
    </dict>

    works perfectly. But when I try to designate just one specific website in the plist without "https" it doesn't work for me. Anybody else tried it yet?

  2. Paul L

    Jan 8 Xojo Inc http://docs.xojo.com

    I just tweaked the Info.plist in the Cats example to remove the arbitrary loads key and it still seems to be working.

    Examples/Communication/Web Services/CatAPI

    Info.plist now looks like this:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    	<key>NSAppTransportSecurity</key>
    	<dict>
    		<key>NSExceptionDomains</key>
    		<dict>
    			<key>thecatapi.com</key>
    			<dict>
    				<key>NSIncludesSubdomains</key>
    				<true/>
    				<key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
    				<true/>
    			</dict>
    		</dict>
    	</dict>
    </dict>
    </plist>
  3. C T

    Jan 8 Ontario, Canada

    Sorry Paul, but that is an invalid test. I just went to that web site and found that it is "https" (secure) anyway.
    You need an unsecured page to truly test this. Here is one so you don't have to look around:
    http://www.quotationspage.com

  4. Paul L

    Jan 8 Xojo Inc http://docs.xojo.com

    You’re right. Looks like TheCatAPI updated to https some time last year and I hadn’t noticed.

    I’ll take a peek at your URL when I am back in the office.
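
Added example, not part of the thread and not Xojo's code: a small audit of the NSAppTransportSecurity dictionary that reports the global waiver, exception keys that are not bare lowercase host names (Apple's documentation requires no scheme, path, port or trailing dot), and the NSThirdPartyExceptionAllowsInsecureHTTPLoads key, which Apple's documentation lists as deprecated in favour of NSExceptionAllowsInsecureHTTPLoads. The sample plist, its domains and the function name audit_ats are constructed for illustration.

```python
import plistlib

# Constructed sample Info.plist (not from the thread): the global waiver,
# one well-formed exception, and one exception key written as a URL.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>NSAppTransportSecurity</key><dict>
  <key>NSAllowsArbitraryLoads</key><true/>
  <key>NSExceptionDomains</key><dict>
    <key>example.com</key><dict>
      <key>NSIncludesSubdomains</key><true/>
      <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
    </dict>
    <key>http://www.Example.org/</key><dict>
      <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key><true/>
    </dict>
  </dict>
</dict>
</dict></plist>"""

INSECURE = "NSExceptionAllowsInsecureHTTPLoads"
LEGACY = "NSThirdPartyExceptionAllowsInsecureHTTPLoads"

def audit_ats(plist_bytes):
    """Return (severity, message) findings for the ATS dictionary (hypothetical helper)."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append(("high", "NSAllowsArbitraryLoads waives ATS for every host"))
    for domain, rules in ats.get("NSExceptionDomains", {}).items():
        # Exception keys must be bare lowercase host names.
        bad_chars = any(c in domain for c in ":/")
        if domain != domain.lower() or bad_chars or domain.endswith("."):
            findings.append(("error", f"{domain!r} is not a bare lowercase host name"))
        if rules.get(LEGACY) is True:
            findings.append(("warn", f"{domain!r} uses {LEGACY}; current key is {INSECURE}"))
        if rules.get(INSECURE) is True:
            scope = " and its subdomains" if rules.get("NSIncludesSubdomains") else ""
            findings.append(("info", f"cleartext HTTP allowed for {domain!r}{scope}"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_ats(SAMPLE):
        print(f"{severity:5} {message}")
```
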
