[jira] [Commented] (CB-11440) iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
[
https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17239266#comment-17239266
]
Yourspace commented on CB-11440:
Hello, any news of Admob SDK v20, will be updated?
> iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
> --
>
> Key: CB-11440
> URL: https://issues.apache.org/jira/browse/CB-11440
> Project: Apache Cordova
> Issue Type: Bug
> Components: cordova-ios
> Environment: cordova-ios 4.1.1
>Reporter: Michael Schmidt
>Assignee: Shazron Abdullah
>Priority: Blocker
> Labels: backlog, iOS, triaged
> Fix For: cordova-ios@5.0.0
>
> Attachments: WebAdmin.txt
>
>
> iOS platform by default disables https:
> {code}
> NSAppTransportSecurity
>
> NSAllowsArbitraryLoads
>
>
> {code}
> Apple soon requires HTTPS:
> "Apple mandates App Store apps support ATS security protocol by 2017"
> http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017
> --> remove this default from cordova ios platform
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org
[jira] [Commented] (CB-11440) iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
[
https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17163319#comment-17163319
]
Christopher Blum commented on CB-11440:
---
Thanks
> iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
> --
>
> Key: CB-11440
> URL: https://issues.apache.org/jira/browse/CB-11440
> Project: Apache Cordova
> Issue Type: Bug
> Components: cordova-ios
> Environment: cordova-ios 4.1.1
>Reporter: Michael Schmidt
>Assignee: Shazron Abdullah
>Priority: Blocker
> Labels: backlog, iOS, triaged
> Fix For: cordova-ios@5.0.0
>
> Attachments: WebAdmin.txt
>
>
> iOS platform by default disables https:
> {code}
> NSAppTransportSecurity
>
> NSAllowsArbitraryLoads
>
>
> {code}
> Apple soon requires HTTPS:
> "Apple mandates App Store apps support ATS security protocol by 2017"
> http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017
> --> remove this default from cordova ios platform
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org
[jira] [Commented] (CB-11440) iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
[
https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16510744#comment-16510744
]
Ken Naito commented on CB-11440:
I created a simple npm module experimentally.
By using this module, we can set the NSAllowsArbitraryLoads to false.
https://www.npmjs.com/package/cordovax-edit-ats
Install:
{code}
$ npm install cordovax-edit-ats
{code}
on the cordova application directory.
Using this module, we can set the NSAllowsArbitraryLoads to false by command
line
{code}
$ npx cordovax-edit-ats create false
{code}
or by using hook script like
config.xml:
{code}
{code}
with scripts/editPlist.js
{code}
var editATS = require('cordovax-edit-ats');
module.exports = function(context) {
if (context.opts.cordova.platforms.includes('ios')) {
editATS('create_false', context.opts.projectRoot);
}
};
{code}
I think that modifying Info.plist/AndroidManifest file should be done when
after_platform_add.
Because we can apply the modification to the original (template default)
Info.plist/AndroidManifest.xml.
> iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
> --
>
> Key: CB-11440
> URL: https://issues.apache.org/jira/browse/CB-11440
> Project: Apache Cordova
> Issue Type: Bug
> Components: cordova-ios
> Environment: cordova-ios 4.1.1
>Reporter: Michael Schmidt
>Assignee: Shazron Abdullah
>Priority: Blocker
> Labels: backlog, iOS, triaged
> Fix For: cordova-ios@5.0.0
>
>
> iOS platform by default disables https:
> {code}
> NSAppTransportSecurity
>
> NSAllowsArbitraryLoads
>
>
> {code}
> Apple soon requires HTTPS:
> "Apple mandates App Store apps support ATS security protocol by 2017"
> http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017
> --> remove this default from cordova ios platform
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org
[jira] [Commented] (CB-11440) iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
[
https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16282732#comment-16282732
]
Tony Leung commented on CB-11440:
-
Remove the wildcard in config.xml and put in my own rules doesn't make
NSAllowsArbitraryLoads set to false too. How can we set the
NSAllowsArbitraryLoads to false in Cordova?
> iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
> --
>
> Key: CB-11440
> URL: https://issues.apache.org/jira/browse/CB-11440
> Project: Apache Cordova
> Issue Type: Bug
> Components: cordova-ios
> Environment: cordova-ios 4.1.1
>Reporter: Michael Schmidt
>Assignee: Shazron Abdullah
>Priority: Blocker
> Labels: backlog, iOS, triaged
> Fix For: cordova-ios@5.0.0
>
>
> iOS platform by default disables https:
> {code}
> NSAppTransportSecurity
>
> NSAllowsArbitraryLoads
>
>
> {code}
> Apple soon requires HTTPS:
> "Apple mandates App Store apps support ATS security protocol by 2017"
> http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017
> --> remove this default from cordova ios platform
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
-
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org
[jira] [Commented] (CB-11440) iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
[
https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15864799#comment-15864799
]
Shazron Abdullah commented on CB-11440:
---
[~freetz] You would just remove the wildcard in config.xml access tag and put
in your own rules. We allow everything by default for ease of first use.
> iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
> --
>
> Key: CB-11440
> URL: https://issues.apache.org/jira/browse/CB-11440
> Project: Apache Cordova
> Issue Type: Bug
> Components: iOS
> Environment: cordova-ios 4.1.1
>Reporter: Michael Schmidt
>Assignee: Shazron Abdullah
>Priority: Blocker
> Labels: iOS, triaged
>
> iOS platform by default disables https:
> {code}
> NSAppTransportSecurity
>
> NSAllowsArbitraryLoads
>
>
> {code}
> Apple soon requires HTTPS:
> "Apple mandates App Store apps support ATS security protocol by 2017"
> http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017
> --> remove this default from cordova ios platform
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
-
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org
[jira] [Commented] (CB-11440) iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
[
https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15820911#comment-15820911
]
Fritz Peter commented on CB-11440:
--
Is it possible to set it to false anyway? NSAllowsArbitraryLoads is always true
after cordova build.
> iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
> --
>
> Key: CB-11440
> URL: https://issues.apache.org/jira/browse/CB-11440
> Project: Apache Cordova
> Issue Type: Bug
> Components: iOS
> Environment: cordova-ios 4.1.1
>Reporter: Michael Schmidt
>Assignee: Shazron Abdullah
>Priority: Blocker
> Labels: iOS, triaged
>
> iOS platform by default disables https:
> {code}
> NSAppTransportSecurity
>
> NSAllowsArbitraryLoads
>
>
> {code}
> Apple soon requires HTTPS:
> "Apple mandates App Store apps support ATS security protocol by 2017"
> http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017
> --> remove this default from cordova ios platform
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org
[jira] [Commented] (CB-11440) iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
[
https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15769549#comment-15769549
]
jcesarmobile commented on CB-11440:
---
Apple has postponed the deadline for using ATS from January to unknown
https://developer.apple.com/news/?id=12212016b
> iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
> --
>
> Key: CB-11440
> URL: https://issues.apache.org/jira/browse/CB-11440
> Project: Apache Cordova
> Issue Type: Bug
> Components: iOS
> Environment: cordova-ios 4.1.1
>Reporter: Michael Schmidt
>Assignee: Shazron Abdullah
>Priority: Blocker
> Labels: iOS, triaged
>
> iOS platform by default disables https:
> {code}
> NSAppTransportSecurity
>
> NSAllowsArbitraryLoads
>
>
> {code}
> Apple soon requires HTTPS:
> "Apple mandates App Store apps support ATS security protocol by 2017"
> http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017
> --> remove this default from cordova ios platform
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org
[jira] [Commented] (CB-11440) iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
[
https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15535260#comment-15535260
]
Michael Schmidt commented on CB-11440:
--
Yep, we shouldn't be the police for enforcing this behaviour.
it would be better to clearly document the options - where two things need to
be changed:
- updating tags
- correctly setting the NSAppTransportSecurity config: e.g.
NSAllowsArbitraryLoads
the option NSAllowsArbitraryLoadsInWebContent addresses the latter part - which
is currently missing
> iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
> --
>
> Key: CB-11440
> URL: https://issues.apache.org/jira/browse/CB-11440
> Project: Apache Cordova
> Issue Type: Bug
> Components: iOS
> Environment: cordova-ios 4.1.1
>Reporter: Michael Schmidt
>Assignee: Shazron Abdullah
>Priority: Blocker
> Labels: iOS, triaged
>
> iOS platform by default disables https:
> {code}
> NSAppTransportSecurity
>
> NSAllowsArbitraryLoads
>
>
> {code}
> Apple soon requires HTTPS:
> "Apple mandates App Store apps support ATS security protocol by 2017"
> http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017
> --> remove this default from cordova ios platform
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org
[jira] [Commented] (CB-11440) iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
[
https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15534001#comment-15534001
]
Shazron Abdullah commented on CB-11440:
---
More clarification, straight from an Apple DTS engineer:
https://forums.developer.apple.com/thread/48979#146140
Nothing has been disabled, but you will have to justify why you need an
exception. So, this is more like, do we want to force users to be more
discriminatory about their tags? Are we supposed to be a filter before
they get the rejection?
If they get a rejection, they can update their tags and re-submit.
This is a hassle, however.
What I don't think is that we can be the police for enforcing this behaviour --
although "*" might *not* be allowed, it is allowed in other platforms besides
iOS. I think the only thing we can do is print a warning if the wildcard is
used.
So my suggestion (like what jcesarmobile said) is to document, and print a
warning as well, if the wildcard is used. However, I think we should keep the
access tag with the wildcard, so that the warning is always printed for a new
project (as a nag).
I'll add these three new options in another issue:
NSAllowsArbitraryLoadsInWebContent
NSRequiresCertificateTransparency
NSAllowsLocalNetworking
> iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
> --
>
> Key: CB-11440
> URL: https://issues.apache.org/jira/browse/CB-11440
> Project: Apache Cordova
> Issue Type: Bug
> Components: iOS
> Environment: cordova-ios 4.1.1
>Reporter: Michael Schmidt
>Assignee: Shazron Abdullah
>Priority: Blocker
> Labels: iOS, triaged
>
> iOS platform by default disables https:
> {code}
> NSAppTransportSecurity
>
> NSAllowsArbitraryLoads
>
>
> {code}
> Apple soon requires HTTPS:
> "Apple mandates App Store apps support ATS security protocol by 2017"
> http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017
> --> remove this default from cordova ios platform
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org
[jira] [Commented] (CB-11440) iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
[
https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15511064#comment-15511064
]
Michael Schmidt commented on CB-11440:
--
Apple clearly wants to push secure connections.
it would imho be better to limit to https and document,
that an unsecure connection can be achieved by "NSAllowsArbitraryLoads".
this prevents people to run into unexpected rejections
> iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
> --
>
> Key: CB-11440
> URL: https://issues.apache.org/jira/browse/CB-11440
> Project: Apache Cordova
> Issue Type: Bug
> Components: iOS
> Environment: cordova-ios 4.1.1
>Reporter: Michael Schmidt
>Assignee: Shazron Abdullah
>Priority: Blocker
> Labels: iOS, triaged
>
> iOS platform by default disables https:
> {code}
> NSAppTransportSecurity
>
> NSAllowsArbitraryLoads
>
>
> {code}
> Apple soon requires HTTPS:
> "Apple mandates App Store apps support ATS security protocol by 2017"
> http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017
> --> remove this default from cordova ios platform
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org
[jira] [Commented] (CB-11440) iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
[
https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15344014#comment-15344014
]
Shazron Abdullah commented on CB-11440:
---
Changed priority to Blocker for visibility reasons, even though we have time.
This will have to be part of a major bump, i.e. cordova-ios-5.x
> iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
> --
>
> Key: CB-11440
> URL: https://issues.apache.org/jira/browse/CB-11440
> Project: Apache Cordova
> Issue Type: Bug
> Components: iOS
> Environment: cordova-ios 4.1.1
>Reporter: Michael Schmidt
>Assignee: Shazron Abdullah
>Priority: Blocker
> Labels: iOS, triaged
>
> iOS platform by default disables https:
> {code}
> NSAppTransportSecurity
>
> NSAllowsArbitraryLoads
>
>
> {code}
> Apple soon requires HTTPS:
> "Apple mandates App Store apps support ATS security protocol by 2017"
> http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017
> --> remove this default from cordova ios platform
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org
