You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cordova.apache.org by "Ho-Kuo Chan (HPE) (JIRA)" <ji...@apache.org> on 2017/10/19 18:51:00 UTC

[jira] [Updated] (CB-13469) allow-navigation using * to include path translates to invalid ATS NSExceptionDomains XCode9 (9A235) and iOS11

     [ https://issues.apache.org/jira/browse/CB-13469?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ho-Kuo Chan (HPE) updated CB-13469:
-----------------------------------
    Summary: allow-navigation using * to include path translates to invalid ATS NSExceptionDomains XCode9 (9A235) and iOS11  (was: allow-navigation using * to include sub-domains translates to invalid ATS NSExceptionDomains XCode9 (9A235) and iOS11)

> allow-navigation using * to include path translates to invalid ATS NSExceptionDomains XCode9 (9A235) and iOS11
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: CB-13469
>                 URL: https://issues.apache.org/jira/browse/CB-13469
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: cordova-ios
>    Affects Versions: cordova-ios@4.4.0, cordova-ios 4.5.0
>         Environment: XCode 9 (9A235)
> iOS11
> AFNetworking 3.1.0
> cordova-advanced-http 1.5.10
>            Reporter: Ho-Kuo Chan (HPE)
>            Assignee: Suraj Pindoria
>
> Previously in XCode 8 and iOS <= 10, SSL Pinning was functioning correctly using the <allow-navigation> key in config.xml and cordova-advanced-http. Upon upgrading to XCode 9 and testing on iOS11, it was discovered that our app could no longer connect to the web server presenting a signed certificate even though the signing certificate was bundled in the app. Disabling ATS allowed the connection to proceed.
> Through communication with Apple Technical Support, it was determined that when the <allow-navigation> key contains a trailing "/*" (meaning any path in android), the corresponding NSExceptionDomain becomes invalid in iOS11 and XCode 9. For example, if config.xml contains:
> <allow-navigation href="https://*.mydomain.com/*>
> this gets translated into a Info.plist with:
>     <key>NSAppTransportSecurity</key>
>     <dict>
>       <key>NSExceptionDomains</key>
>       <dict>
>         <key>mydomain.com/*</key>
> but should be:
>         <key>mydomain.com</key>
> From Apple Tech Support:
> The `mydomain.com/*` string is wrong.  It should be `mydomain.com`.  Keys for the `NSExceptionDomains` dictionary are DNS names, and only DNS names.  You can’t include URL path fragments.  Even literal IP addresses are unsupported in this context.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org