Skip to main content
jadams602
jadams602
Inspiring
January 8, 2016
Question

Flash Player Beta 1/8/2016 Release Notes

  • January 8, 2016
  • 1 reply
  • 598 views

The latest beta release notes mentions the new use of iOS 9 and iOS SDK Upgrade and with support for App Transport Security (ATS) you include a sample exceptions to the default behaviour of:

<iPhone>

  <InfoAdditions>

  <![CDATA[

    <key>NSAppTransportSecurity</key>

    <dict>

    <key>NSAllowsArbitraryLoads</key><true/>

    </dict>

  ]]>

  </InfoAdditions>

</iPhone>

But you really shouldn't be recommending this global disabling setting. It is more secure for people to only downgrade on a per-domain exception setting as needed for the domains they know they are using, like:

<iPhone>

  <InfoAdditions>

  <![CDATA[

<key>NSAppTransportSecurity</key>

<dict>

  <key>NSExceptionDomains</key>

  <dict>

  <key>yourserver.com</key>

  <dict>

  <!--Include to allow subdomains-->

  <key>NSIncludesSubdomains</key>

  <true/>

  <!--Include to allow HTTP requests-->

  <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>

  <true/>

  <!--Include to specify minimum TLS version-->

  <key>NSTemporaryExceptionMinimumTLSVersion</key>

  <string>TLSv1.1</string>

  </dict>

  </dict>

</dict>

  ]]>

  </InfoAdditions>

</iPhone>

This topic has been closed for replies.

1 reply

jeromiec83223024
Community Manager
jeromiec83223024Community Manager
Community Manager
January 25, 2016

Thanks for taking the time to point this out.  I've moved the post to the AIR Beta forum so that it will make the radar of the AIR mobile team and will forward it on to our product manager for consideration.

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices