You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by "Shazron Abdullah (JIRA)" <ji...@apache.org> on 2015/11/18 13:11:10 UTC
[jira] [Comment Edited] (CB-10011) Allow the disabling of ATS entry
generation from tags
[ https://issues.apache.org/jira/browse/CB-10011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15010840#comment-15010840 ]
Shazron Abdullah edited comment on CB-10011 at 11/18/15 12:10 PM:
------------------------------------------------------------------
I think you misunderstand the ATS docs.
Doing this: <access origin="https://*.<redacted>.com"> does not disable ATS for the domain at all.
>From the reference: https://developer.apple.com/library/ios/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW33
Straight from Apple's docs, see the "Using ATS For Your Servers and Allowing Insecure Connections Elsewhere" section where they illustrate this. Note that "NSExceptionAllowsInsecureHTTPLoads" when not specified, defaults to NO (which it will be, in your example for that domain). An example is illustrated in the "Debugging ATS Connections" section.
was (Author: shazron):
I think you misunderstand the ATS docs.
Doing this: <access origin="https://*.<redacted>.com"> does not disable ATS for the domain at all.
>From the reference: https://developer.apple.com/library/ios/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW33
Straight from Apple's docs, see the "Using ATS For Your Servers and Allowing Insecure Connections Elsewhere" section where they illustrate this. Note that "NSExceptionAllowsInsecureHTTPLoads" when not specified, defaults to NO. This is illustrated in the "Debugging ATS Connections" section.
> Allow the disabling of ATS entry generation from <access> tags
> --------------------------------------------------------------
>
> Key: CB-10011
> URL: https://issues.apache.org/jira/browse/CB-10011
> Project: Apache Cordova
> Issue Type: Bug
> Components: CordovaLib
> Environment: iOS
> Reporter: Tom Bell
> Assignee: Shazron Abdullah
> Priority: Minor
>
> Having <access origin="*"> just disables ATS fully on iOS. Changing to <access origin="https://*"> does the same.
> Putting in <access origin="https://*.<redacted>.com"> disables ATS for that domain, which is bad.
> I would like an option/config value to disable the generation of ATS entries based on the whitelist values.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org