App Transport Security difficult to work with when working with IP addresses on the local network
| Originator: | inbox | | |
| Number: | rdar://21607336 | Date Originated: | 30-Jun-2015 09:59 AM |
| Status: | Open | Resolved: | |
| Product: | iOS SDK | Product Version: | 9.0 (13A4280e) |
| Classification: | Enhancement | Reproducible: | Always |
Summary:
I'm working with hardware on the local network that's discovered at runtime using either NSNetServiceBrowser or SSDP. This hardware communicates using unencrypted HTTP, meaning it's blocked by default by App Transport Security. There doesn't appear to be a good way of whitelisting said devices using ATS.

Steps to Reproduce:
1. In the default configuration, try to connect to an HTTP service running on the local network.
2. See that it's blocked by App Transport Security by default.
3. Attempt to whitelist the service in a sensible way using the NSAppTransportSecurity family of Info.plist keys.

Expected Results:
I'd expect there to be a way to whitelist IP blocks for e.g. local networks. This way, I could whitelist the following:

10.0.0.0/8
172.16.0.0/12
192.168.0.0/16

…and still keep App Transport Security for connections to the outside world.

Actual Results:
It's impossible to whitelist services on the local network. The only way I've been able to get around this is to completely disable App Transport Security for my application using NSAllowsArbitraryLoads: YES.

Version:
iOS 9 (13A4280e) (also Mac OS X 10.11 (15A204h))

Notes:

Configuration:
iPhone 6 EU Unlocked
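
An added illustration, not part of the radar and not an Apple API: when ATS has been switched off with NSAllowsArbitraryLoads, the policy the report asks for can be re-imposed in application code as a gate applied to every URL before a request is issued. It is sketched in Python for brevity; `load_allowed` and the sample URLs are constructed for this example.

```python
import ipaddress
from urllib.parse import urlsplit

# The three private IPv4 blocks listed in the report.
LOCAL_BLOCKS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def load_allowed(url: str) -> bool:
    """Decide whether a request to `url` may be issued.

    https is always allowed. Cleartext http is allowed only when the host
    is an IPv4 literal inside LOCAL_BLOCKS. Hostnames are refused so that
    a DNS answer cannot steer a cleartext request to another network.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return False  # malformed authority, e.g. unbalanced brackets
    scheme = parts.scheme.lower()
    if scheme == "https":
        return True
    if scheme != "http" or parts.hostname is None:
        return False
    try:
        addr = ipaddress.IPv4Address(parts.hostname)
    except ValueError:
        return False  # hostname or IPv6 literal: not covered by the list
    return any(addr in block for block in LOCAL_BLOCKS)


if __name__ == "__main__":
    # Constructed sample URLs, e.g. as taken from an SSDP LOCATION header.
    for sample in ("http://192.168.1.20:8080/description.xml",
                   "http://172.32.0.1/",
                   "http://10.0.0.1@example.com/",
                   "http://printer.local/status",
                   "https://example.com/api"):
        print(sample, "->", "allow" if load_allowed(sample) else "block")
```

The third sample shows why the host is taken from the parsed URL rather than matched as a string prefix: the private address there is userinfo, and the real host is outside the list.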
Comments
Thanks!
Thanks for posting this bug! I duped it.