[jira] [Commented] (CB-11440) iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple

Wed, 13 Jun 2018 00:55:31 -0700 


    [ 
https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16510744#comment-16510744
 ] 

Ken Naito commented on CB-11440:
--------------------------------

I created a simple npm module experimentally.
By using this module, we can set  the NSAllowsArbitraryLoads to false.

https://www.npmjs.com/package/cordovax-edit-ats

Install:
{code}
$ npm install cordovax-edit-ats
{code}
on  the cordova application directory.

Using this module, we can set the NSAllowsArbitraryLoads to false by command 
line 
{code}
$ npx cordovax-edit-ats create false
{code}
or by using hook script like
config.xml:
{code}
<hook src="scripts/editPlist.js" type="after_platform_add" />
{code}    
with scripts/editPlist.js
{code}
var editATS = require('cordovax-edit-ats');

module.exports = function(context) {
  if (context.opts.cordova.platforms.includes('ios')) {
    editATS('create_false', context.opts.projectRoot);
  }
};
{code}

I think that modifying Info.plist/AndroidManifest file should be done when 
after_platform_add.
Because we can apply the modification to the original (template default) 
Info.plist/AndroidManifest.xml.


> iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple 
> ------------------------------------------------------------------------------
>
>                 Key: CB-11440
>                 URL: https://issues.apache.org/jira/browse/CB-11440
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: cordova-ios
>         Environment: cordova-ios 4.1.1
>            Reporter: Michael Schmidt
>            Assignee: Shazron Abdullah
>            Priority: Blocker
>              Labels: backlog, iOS, triaged
>             Fix For: cordova-ios@5.0.0
>
>
> iOS platform by default disables https:
> {code}
>     <key>NSAppTransportSecurity</key>
>     <dict>
>       <key>NSAllowsArbitraryLoads</key>
>       <true/>
>     </dict>
> {code}
> Apple soon requires HTTPS:
> "Apple mandates App Store apps support ATS security protocol by 2017"
> http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017
> --> remove this default from cordova ios platform



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org

Reply via email to