[jira] [Commented] (CB-11440) iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
[ https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17239266#comment-17239266 ] Yourspace commented on CB-11440: Hello, any news of Admob SDK v20, will be updated? > iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple > -- > > Key: CB-11440 > URL: https://issues.apache.org/jira/browse/CB-11440 > Project: Apache Cordova > Issue Type: Bug > Components: cordova-ios > Environment: cordova-ios 4.1.1 >Reporter: Michael Schmidt >Assignee: Shazron Abdullah >Priority: Blocker > Labels: backlog, iOS, triaged > Fix For: cordova-ios@5.0.0 > > Attachments: WebAdmin.txt > > > iOS platform by default disables https: > {code} > NSAppTransportSecurity > > NSAllowsArbitraryLoads > > > {code} > Apple soon requires HTTPS: > "Apple mandates App Store apps support ATS security protocol by 2017" > http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017 > --> remove this default from cordova ios platform -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org
[jira] [Commented] (CB-11440) iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
[ https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17163319#comment-17163319 ] Christopher Blum commented on CB-11440: --- Thanks > iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple > -- > > Key: CB-11440 > URL: https://issues.apache.org/jira/browse/CB-11440 > Project: Apache Cordova > Issue Type: Bug > Components: cordova-ios > Environment: cordova-ios 4.1.1 >Reporter: Michael Schmidt >Assignee: Shazron Abdullah >Priority: Blocker > Labels: backlog, iOS, triaged > Fix For: cordova-ios@5.0.0 > > Attachments: WebAdmin.txt > > > iOS platform by default disables https: > {code} > NSAppTransportSecurity > > NSAllowsArbitraryLoads > > > {code} > Apple soon requires HTTPS: > "Apple mandates App Store apps support ATS security protocol by 2017" > http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017 > --> remove this default from cordova ios platform -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org
[jira] [Commented] (CB-11440) iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
[ https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16510744#comment-16510744 ] Ken Naito commented on CB-11440: I created a simple npm module experimentally. By using this module, we can set the NSAllowsArbitraryLoads to false. https://www.npmjs.com/package/cordovax-edit-ats Install: {code} $ npm install cordovax-edit-ats {code} on the cordova application directory. Using this module, we can set the NSAllowsArbitraryLoads to false by command line {code} $ npx cordovax-edit-ats create false {code} or by using hook script like config.xml: {code} {code} with scripts/editPlist.js {code} var editATS = require('cordovax-edit-ats'); module.exports = function(context) { if (context.opts.cordova.platforms.includes('ios')) { editATS('create_false', context.opts.projectRoot); } }; {code} I think that modifying Info.plist/AndroidManifest file should be done when after_platform_add. Because we can apply the modification to the original (template default) Info.plist/AndroidManifest.xml. > iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple > -- > > Key: CB-11440 > URL: https://issues.apache.org/jira/browse/CB-11440 > Project: Apache Cordova > Issue Type: Bug > Components: cordova-ios > Environment: cordova-ios 4.1.1 >Reporter: Michael Schmidt >Assignee: Shazron Abdullah >Priority: Blocker > Labels: backlog, iOS, triaged > Fix For: cordova-ios@5.0.0 > > > iOS platform by default disables https: > {code} > NSAppTransportSecurity > > NSAllowsArbitraryLoads > > > {code} > Apple soon requires HTTPS: > "Apple mandates App Store apps support ATS security protocol by 2017" > http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017 > --> remove this default from cordova ios platform -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org
[jira] [Commented] (CB-11440) iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
[ https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16282732#comment-16282732 ] Tony Leung commented on CB-11440: - Remove the wildcard in config.xml and put in my own rules doesn't make NSAllowsArbitraryLoads set to false too. How can we set the NSAllowsArbitraryLoads to false in Cordova? > iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple > -- > > Key: CB-11440 > URL: https://issues.apache.org/jira/browse/CB-11440 > Project: Apache Cordova > Issue Type: Bug > Components: cordova-ios > Environment: cordova-ios 4.1.1 >Reporter: Michael Schmidt >Assignee: Shazron Abdullah >Priority: Blocker > Labels: backlog, iOS, triaged > Fix For: cordova-ios@5.0.0 > > > iOS platform by default disables https: > {code} > NSAppTransportSecurity > > NSAllowsArbitraryLoads > > > {code} > Apple soon requires HTTPS: > "Apple mandates App Store apps support ATS security protocol by 2017" > http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017 > --> remove this default from cordova ios platform -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org
[jira] [Commented] (CB-11440) iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
[ https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15864799#comment-15864799 ] Shazron Abdullah commented on CB-11440: --- [~freetz] You would just remove the wildcard in config.xml access tag and put in your own rules. We allow everything by default for ease of first use. > iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple > -- > > Key: CB-11440 > URL: https://issues.apache.org/jira/browse/CB-11440 > Project: Apache Cordova > Issue Type: Bug > Components: iOS > Environment: cordova-ios 4.1.1 >Reporter: Michael Schmidt >Assignee: Shazron Abdullah >Priority: Blocker > Labels: iOS, triaged > > iOS platform by default disables https: > {code} > NSAppTransportSecurity > > NSAllowsArbitraryLoads > > > {code} > Apple soon requires HTTPS: > "Apple mandates App Store apps support ATS security protocol by 2017" > http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017 > --> remove this default from cordova ios platform -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org
[jira] [Commented] (CB-11440) iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
[ https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15820911#comment-15820911 ] Fritz Peter commented on CB-11440: -- Is it possible to set it to false anyway? NSAllowsArbitraryLoads is always true after cordova build. > iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple > -- > > Key: CB-11440 > URL: https://issues.apache.org/jira/browse/CB-11440 > Project: Apache Cordova > Issue Type: Bug > Components: iOS > Environment: cordova-ios 4.1.1 >Reporter: Michael Schmidt >Assignee: Shazron Abdullah >Priority: Blocker > Labels: iOS, triaged > > iOS platform by default disables https: > {code} > NSAppTransportSecurity > > NSAllowsArbitraryLoads > > > {code} > Apple soon requires HTTPS: > "Apple mandates App Store apps support ATS security protocol by 2017" > http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017 > --> remove this default from cordova ios platform -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org
[jira] [Commented] (CB-11440) iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
[ https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15769549#comment-15769549 ] jcesarmobile commented on CB-11440: --- Apple has postponed the deadline for using ATS from January to unknown https://developer.apple.com/news/?id=12212016b > iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple > -- > > Key: CB-11440 > URL: https://issues.apache.org/jira/browse/CB-11440 > Project: Apache Cordova > Issue Type: Bug > Components: iOS > Environment: cordova-ios 4.1.1 >Reporter: Michael Schmidt >Assignee: Shazron Abdullah >Priority: Blocker > Labels: iOS, triaged > > iOS platform by default disables https: > {code} > NSAppTransportSecurity > > NSAllowsArbitraryLoads > > > {code} > Apple soon requires HTTPS: > "Apple mandates App Store apps support ATS security protocol by 2017" > http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017 > --> remove this default from cordova ios platform -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org
[jira] [Commented] (CB-11440) iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
[ https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15535260#comment-15535260 ] Michael Schmidt commented on CB-11440: -- Yep, we shouldn't be the police for enforcing this behaviour. it would be better to clearly document the options - where two things need to be changed: - updating tags - correctly setting the NSAppTransportSecurity config: e.g. NSAllowsArbitraryLoads the option NSAllowsArbitraryLoadsInWebContent addresses the latter part - which is currently missing > iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple > -- > > Key: CB-11440 > URL: https://issues.apache.org/jira/browse/CB-11440 > Project: Apache Cordova > Issue Type: Bug > Components: iOS > Environment: cordova-ios 4.1.1 >Reporter: Michael Schmidt >Assignee: Shazron Abdullah >Priority: Blocker > Labels: iOS, triaged > > iOS platform by default disables https: > {code} > NSAppTransportSecurity > > NSAllowsArbitraryLoads > > > {code} > Apple soon requires HTTPS: > "Apple mandates App Store apps support ATS security protocol by 2017" > http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017 > --> remove this default from cordova ios platform -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org
[jira] [Commented] (CB-11440) iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
[ https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15534001#comment-15534001 ] Shazron Abdullah commented on CB-11440: --- More clarification, straight from an Apple DTS engineer: https://forums.developer.apple.com/thread/48979#146140 Nothing has been disabled, but you will have to justify why you need an exception. So, this is more like, do we want to force users to be more discriminatory about their tags? Are we supposed to be a filter before they get the rejection? If they get a rejection, they can update their tags and re-submit. This is a hassle, however. What I don't think is that we can be the police for enforcing this behaviour -- although "*" might *not* be allowed, it is allowed in other platforms besides iOS. I think the only thing we can do is print a warning if the wildcard is used. So my suggestion (like what jcesarmobile said) is to document, and print a warning as well, if the wildcard is used. However, I think we should keep the access tag with the wildcard, so that the warning is always printed for a new project (as a nag). I'll add these three new options in another issue: NSAllowsArbitraryLoadsInWebContent NSRequiresCertificateTransparency NSAllowsLocalNetworking > iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple > -- > > Key: CB-11440 > URL: https://issues.apache.org/jira/browse/CB-11440 > Project: Apache Cordova > Issue Type: Bug > Components: iOS > Environment: cordova-ios 4.1.1 >Reporter: Michael Schmidt >Assignee: Shazron Abdullah >Priority: Blocker > Labels: iOS, triaged > > iOS platform by default disables https: > {code} > NSAppTransportSecurity > > NSAllowsArbitraryLoads > > > {code} > Apple soon requires HTTPS: > "Apple mandates App Store apps support ATS security protocol by 2017" > http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017 > --> remove this default from cordova ios platform -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org
[jira] [Commented] (CB-11440) iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
[ https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15511064#comment-15511064 ] Michael Schmidt commented on CB-11440: -- Apple clearly wants to push secure connections. it would imho be better to limit to https and document, that an unsecure connection can be achieved by "NSAllowsArbitraryLoads". this prevents people to run into unexpected rejections > iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple > -- > > Key: CB-11440 > URL: https://issues.apache.org/jira/browse/CB-11440 > Project: Apache Cordova > Issue Type: Bug > Components: iOS > Environment: cordova-ios 4.1.1 >Reporter: Michael Schmidt >Assignee: Shazron Abdullah >Priority: Blocker > Labels: iOS, triaged > > iOS platform by default disables https: > {code} > NSAppTransportSecurity > > NSAllowsArbitraryLoads > > > {code} > Apple soon requires HTTPS: > "Apple mandates App Store apps support ATS security protocol by 2017" > http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017 > --> remove this default from cordova ios platform -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org
[jira] [Commented] (CB-11440) iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple
[ https://issues.apache.org/jira/browse/CB-11440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15344014#comment-15344014 ] Shazron Abdullah commented on CB-11440: --- Changed priority to Blocker for visibility reasons, even though we have time. This will have to be part of a major bump, i.e. cordova-ios-5.x > iOS: Remove default: disabled NSAppTransportSecurity - soon required by Apple > -- > > Key: CB-11440 > URL: https://issues.apache.org/jira/browse/CB-11440 > Project: Apache Cordova > Issue Type: Bug > Components: iOS > Environment: cordova-ios 4.1.1 >Reporter: Michael Schmidt >Assignee: Shazron Abdullah >Priority: Blocker > Labels: iOS, triaged > > iOS platform by default disables https: > {code} > NSAppTransportSecurity > > NSAllowsArbitraryLoads > > > {code} > Apple soon requires HTTPS: > "Apple mandates App Store apps support ATS security protocol by 2017" > http://appleinsider.com/articles/16/06/14/apple-mandates-app-store-apps-support-ats-security-protocol-by-2017 > --> remove this default from cordova ios platform -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org