Copy link to clipboard
Copied
The latest beta release notes mentions the new use of iOS 9 and iOS SDK Upgrade and with support for App Transport Security (ATS) you include a sample exceptions to the default behaviour of:
<iPhone>
<InfoAdditions>
<![CDATA[
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key><true/>
</dict>
]]>
</InfoAdditions>
</iPhone>
But you really shouldn't be recommending this global disabling setting. It is more secure for people to only downgrade on a per-domain exception setting as needed for the domains they know they are using, like:
<iPhone>
<InfoAdditions>
<![CDATA[
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>yourserver.com</key>
<dict>
<!--Include to allow subdomains-->
<key>NSIncludesSubdomains</key>
<true/>
<!--Include to allow HTTP requests-->
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<!--Include to specify minimum TLS version-->
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
]]>
</InfoAdditions>
</iPhone>
Copy link to clipboard
Copied
Thanks for taking the time to point this out. I've moved the post to the AIR Beta forum so that it will make the radar of the AIR mobile team and will forward it on to our product manager for consideration.