Highlighted

Flash Player Beta 1/8/2016 Release Notes

Engaged ,
Jan 08, 2016

Copy link to clipboard

Copied

The latest beta release notes mentions the new use of iOS 9 and iOS SDK Upgrade and with support for App Transport Security (ATS) you include a sample exceptions to the default behaviour of:

<iPhone>

  <InfoAdditions>

  <![CDATA[

    <key>NSAppTransportSecurity</key>

    <dict>

    <key>NSAllowsArbitraryLoads</key><true/>

    </dict>

  ]]>

  </InfoAdditions>

</iPhone>

But you really shouldn't be recommending this global disabling setting. It is more secure for people to only downgrade on a per-domain exception setting as needed for the domains they know they are using, like:

<iPhone>

  <InfoAdditions>

  <![CDATA[

<key>NSAppTransportSecurity</key>

<dict>

  <key>NSExceptionDomains</key>

  <dict>

  <key>yourserver.com</key>

  <dict>

  <!--Include to allow subdomains-->

  <key>NSIncludesSubdomains</key>

  <true/>

  <!--Include to allow HTTP requests-->

  <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>

  <true/>

  <!--Include to specify minimum TLS version-->

  <key>NSTemporaryExceptionMinimumTLSVersion</key>

  <string>TLSv1.1</string>

  </dict>

  </dict>

</dict>

  ]]>

  </InfoAdditions>

</iPhone>

TOPICS
Air beta

Views

465

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Flash Player Beta 1/8/2016 Release Notes

Engaged ,
Jan 08, 2016

Copy link to clipboard

Copied

The latest beta release notes mentions the new use of iOS 9 and iOS SDK Upgrade and with support for App Transport Security (ATS) you include a sample exceptions to the default behaviour of:

<iPhone>

  <InfoAdditions>

  <![CDATA[

    <key>NSAppTransportSecurity</key>

    <dict>

    <key>NSAllowsArbitraryLoads</key><true/>

    </dict>

  ]]>

  </InfoAdditions>

</iPhone>

But you really shouldn't be recommending this global disabling setting. It is more secure for people to only downgrade on a per-domain exception setting as needed for the domains they know they are using, like:

<iPhone>

  <InfoAdditions>

  <![CDATA[

<key>NSAppTransportSecurity</key>

<dict>

  <key>NSExceptionDomains</key>

  <dict>

  <key>yourserver.com</key>

  <dict>

  <!--Include to allow subdomains-->

  <key>NSIncludesSubdomains</key>

  <true/>

  <!--Include to allow HTTP requests-->

  <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>

  <true/>

  <!--Include to specify minimum TLS version-->

  <key>NSTemporaryExceptionMinimumTLSVersion</key>

  <string>TLSv1.1</string>

  </dict>

  </dict>

</dict>

  ]]>

  </InfoAdditions>

</iPhone>

TOPICS
Air beta

Views

466

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Jan 08, 2016 0
Adobe Employee ,
Jan 25, 2016

Copy link to clipboard

Copied

Thanks for taking the time to point this out.  I've moved the post to the AIR Beta forum so that it will make the radar of the AIR mobile team and will forward it on to our product manager for consideration.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jan 25, 2016 0