KlimczakM KlimczakM - 1 month ago 11
iOS Question

Is it safe to add localhost to App Transport Security (ATS) NSExceptionDomains?

Is it safe, in terms of security, to add

localhost
to ATS
NSExceptionDomains
for development use? It's not very convenient (and it's easy to forget) to remove those lines from
Info.plist
file before every commit.

<dict>
<key>NSExceptionDomains</key>
<dict>
<key>localhost</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
</dict>


Additionally, can Apple reject the application because of this?

Answer

You can now do this for local addresses:

<dict>
    <key>NSAllowsLocalNetworking</key>
    <true/>
</dict>

Apple has blessed this key as an ATS exception — it has said it will not reject apps for using it. More info here: https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html (search in page for "local")

Comments