You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by GitBox <gi...@apache.org> on 2020/10/07 05:11:16 UTC

[GitHub] [cordova-ios] breautek edited a comment on issue #915: cordova-ios 6.0.0 iOS App rejection - No HTTPS access

breautek edited a comment on issue #915:
URL: https://github.com/apache/cordova-ios/issues/915#issuecomment-704695345


   After reading this a second time (few months later...) I realise that my original interpretation was completely wrong. It's not that they cannot connect to your servers, it's that they want you to use HTTPS instead of HTTP, unless if you have a **really** good reason why you can't use HTTPS.
   
   The rejection is related to `NSAllowsArbitraryLoads`.
   
   If you have this set to true, it must be limited to scope as much as possible, with proper justification.
   
   Some examples of acceptable justifications are:
   - App must connect to a server not controlled by you and it doesn't support secure connections.
   - App loads media content that is encrypted and doesn't contain any personalized information
   - App must support connecting to devices that cannot be upgraded to use secure connections and must be accessed using public host names.
   
   In your case, if `{MY_DOMAIN}` is controlled by you, then you should install TLS on it and route your app through https. If it's not controlled by you, then you must explain that.
   
   If you're using these settings, you must provide this information explaining why your app cannot use secure connections by default. See [Apple Docs](https://developer.apple.com/documentation/security/preventing_insecure_network_connections?language=objc#3138036) for more info.
   
   Since this isn't a bug with Cordova, I'll be close this issue. However if you require more assistance, I'll invite you to our [Slack](http://slack.cordova.io/).


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org