iOS: New App Transport Security Configs
In prep for the upcoming RC we just pushed some updates to the publishing API.
There are now new Transport Security Options:
- Allow App To Talk To Any Domain Insecurely
- Allow App To Talk To Any Domain Insecurely for Media Only
- Allow App To Talk To Any Domain Insecurely for Web Views Only
In most case, these should not be used in a production app. If you do use them, you will be asked by Apple to justify usage of these options. Basically everyone wants you to hit domains that use HTTPS. If you don't you need to make an exception in your app. Here's where you would want to use them:
- First Option: Open URL in App, gs:playVideoFromURL, and Network Behaviors access information from http://
- Second Option: gs:playVideoFromURL is accessing a video from http://
- Third Option: Open URL in App is accessing a page with a http:// url.
The preferred option is to use Exception Domains
This will let you explicitly choose which domains where you want to allow your app to access data and what exceptions to the most secure options you need to make.
While this was mostly made in anticipation of the new gs:playVideoFromURL option, this is also useful for OpenURL and Network Behaviors.