You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by "jcesarmobile (JIRA)" <ji...@apache.org> on 2016/09/20 15:51:20 UTC
[jira] [Commented] (CB-11440) iOS: Remove default: disabled
NSAppTransportSecurity - soon required by Apple
[ https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15506937#comment-15506937 ]
jcesarmobile commented on CB-11440:
-----------------------------------
NSAllowsArbitraryLoads is added because the default template has the <access origin="*" /> on the config.xml
So, the solution for this issue is to remove the <access origin="*" /> from the template? and maybe document that Apple will reject your app if you use the <access origin="*" />?
> iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
> ------------------------------------------------------------------------------
>
> Key: CB-11440
> URL: https://issues.apache.org/jira/browse/CB-11440
> Project: Apache Cordova
> Issue Type: Bug
> Components: iOS
> Environment: cordova-ios 4.1.1
> Reporter: Michael Schmidt
> Assignee: Shazron Abdullah
> Priority: Blocker
> Labels: iOS, triaged
>
> iOS platform by default disables https:
> {code}
> <key>NSAppTransportSecurity</key>
> <dict>
> <key>NSAllowsArbitraryLoads</key>
> <true/>
> </dict>
> {code}
> Apple soon requires HTTPS:
> "Apple mandates App Store apps support ATS security protocol by 2017"
> http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017
> --> remove this default from cordova ios platform
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org