Posted to issues@cordova.apache.org by "Ho-Kuo Chan (HPE) (JIRA)" <ji...@apache.org> on 2017/10/19 18:51:00 UTC
[jira] [Updated] (CB-13469) allow-navigation using * to include
path translates to invalid ATS NSExceptionDomains XCode9 (9A235) and iOS11
[ https://issues.apache.org/jira/browse/CB-13469?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ho-Kuo Chan (HPE) updated CB-13469:
-----------------------------------
Summary: allow-navigation using * to include path translates to invalid ATS NSExceptionDomains XCode9 (9A235) and iOS11 (was: allow-navigation using * to include sub-domains translates to invalid ATS NSExceptionDomains XCode9 (9A235) and iOS11)
> allow-navigation using * to include path translates to invalid ATS NSExceptionDomains XCode9 (9A235) and iOS11
> --------------------------------------------------------------------------------------------------------------
>
> Key: CB-13469
> URL: https://issues.apache.org/jira/browse/CB-13469
> Project: Apache Cordova
> Issue Type: Bug
> Components: cordova-ios
> Affects Versions: cordova-ios@4.4.0, cordova-ios 4.5.0
> Environment: XCode 9 (9A235)
> iOS11
> AFNetworking 3.1.0
> cordova-advanced-http 1.5.10
> Reporter: Ho-Kuo Chan (HPE)
> Assignee: Suraj Pindoria
>
> Previously in XCode 8 and iOS <= 10, SSL Pinning was functioning correctly using the <allow-navigation> key in config.xml and cordova-advanced-http. Upon upgrading to XCode 9 and testing on iOS11, it was discovered that our app could no longer connect to the web server presenting a signed certificate even though the signing certificate was bundled in the app. Disabling ATS allowed the connection to proceed.
> Through communication with Apple Technical Support, it was determined that when the <allow-navigation> key contains a trailing "/*" (meaning any path in Android), the corresponding NSExceptionDomain becomes invalid in iOS11 and XCode 9. For example, if config.xml contains:
> <allow-navigation href="https://*.mydomain.com/*" />
> this gets translated into an Info.plist with:
> <key>NSAppTransportSecurity</key>
> <dict>
> <key>NSExceptionDomains</key>
> <dict>
> <key>mydomain.com/*</key>
> but should be:
> <key>mydomain.com</key>
> From Apple Tech Support:
> The `mydomain.com/*` string is wrong. It should be `mydomain.com`. Keys for the `NSExceptionDomains` dictionary are DNS names, and only DNS names. You can’t include URL path fragments. Even literal IP addresses are unsupported in this context.
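The rule quoted from Apple Tech Support (NSExceptionDomains keys are DNS names only: no path fragments, no IP literals) can be checked mechanically. The following is an added example, not part of the original report and not cordova-ios code; the function names and the sample inputs are hypothetical, constructed for illustration.

```javascript
// Added example: hypothetical helpers, not taken from cordova-ios.
// One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
const DNS_LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;

// True only for a plain DNS name, the only form ATS accepts as a key.
function isDnsName(key) {
  if (typeof key !== 'string' || key.length === 0 || key.length > 253) return false;
  const labels = key.split('.');
  // An all-numeric last label means an IPv4 literal, which is rejected.
  if (/^\d+$/.test(labels[labels.length - 1])) return false;
  // Paths ("/*"), ports (":8443") and IPv6 brackets fail the label test.
  return labels.every((label) => DNS_LABEL.test(label));
}

// Reduce an <allow-navigation> href to a valid exception-domain key.
// Returns null when no single DNS name can be derived (e.g. href="*").
function atsDomainFromHref(href) {
  // Drop the scheme, then keep everything up to the first '/', '?' or '#'.
  const match = /^(?:[a-z][a-z0-9+.-]*:\/\/)?([^/?#]*)/i.exec(href.trim());
  let host = match[1].replace(/^.*@/, '').replace(/:\d+$/, '').toLowerCase();
  let includesSubdomains = false;
  if (host.startsWith('*.')) {
    // A leading "*." is a sub-domain wildcard; in ATS that is expressed
    // with NSIncludesSubdomains on the entry, never inside the key.
    host = host.slice(2);
    includesSubdomains = true;
  }
  return isDnsName(host) ? { domain: host, includesSubdomains } : null;
}

// Audit a parsed NSExceptionDomains dictionary and list the invalid keys.
function invalidExceptionDomainKeys(exceptionDomains) {
  return Object.keys(exceptionDomains).filter((key) => !isDnsName(key));
}

// Constructed sample input mirroring the report.
const sampleHrefs = ['https://*.mydomain.com/*', 'https://192.168.1.10/*', '*'];
for (const href of sampleHrefs) {
  console.log(href, '->', JSON.stringify(atsDomainFromHref(href)));
}
console.log(invalidExceptionDomainKeys({ 'mydomain.com/*': {}, 'mydomain.com': {} }));
```

Running the audit function over the generated Info.plist in a build step flags the malformed key before the app ships, rather than leaving it to surface as a failed pinned connection on device.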