NSAllowsArbitraryLoadsInWebContent has no effect on videos embedded in WKWebView
| Originator: | geza.miklo | ||
| Number: | rdar://29477773 | Date Originated: | 2016-12-02 |
| Status: | Open | Resolved: | |
| Product: | iOS + SDK | Product Version: | |
| Classification: | Reproducible: | 100% |
Area: AVFoundation (Audio / Video) Summary: I have configured ATS according to your guidelines. I guess it is a fair list of exceptions. Our application makes the articles of our site available through an app. Most of the http contents are loaded inside of WKWebView. Videos stream over http are failing. However, if I add the video content provider's site as an exception the video can be played. This prevents me to be able to turn ATS on in my application. There's no sense to gather all content providers and add them as exceptions. A new provider can accur anytime in the web content, and I should have to release a new version of the app each time. <dict> <key>NSAllowsArbitraryLoadsInWebContent</key> <true/> <key>NSExceptionDomains</key> <dict> <key>*</key> <dict> <key>NSExceptionRequiresForwardSecrecy</key> <false/> <key>NSIncludesSubdomains</key> <true/> <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key> <true/> </dict> <key>24.hu</key> <dict> <key>NSExceptionRequiresForwardSecrecy</key> <false/> <key>NSIncludesSubdomains</key> <true/> <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key> <true/> </dict> <key>mobil.p24.hu</key> <dict> <key>NSExceptionRequiresForwardSecrecy</key> <false/> <key>NSIncludesSubdomains</key> <true/> <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key> <true/> </dict> <key>p24.hu</key> <dict> <key>NSExceptionRequiresForwardSecrecy</key> <false/> <key>NSIncludesSubdomains</key> <true/> <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key> <true/> </dict> <key>p3k.hu</key> <dict> <key>NSExceptionRequiresForwardSecrecy</key> <false/> <key>NSIncludesSubdomains</key> <true/> <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key> <true/> </dict> </dict> </dict> Steps to Reproduce: Create a new project Allow ATS Allow Arbitrary Loads in WebContent Take an HTML having video content embedded from an "insecure" site (see attached file containing video embed) Load the content into a WKWebView And now, the video cannot be played. However if you visit the article using Safari, no matter desktop or mobile, the video can be played. http://24.hu/belfold/2016/12/01/nezze-meg-hogy-leptek-meg-egy-beteg-kisfiut-a-rendoreink-video/ Expected Results: Tapping the play button on video should start video playback. Actual Results: It seems that the video starts loading, but it is stuck. I cannot even see an ATS warning or error regarding the video content's url. Version: iOS 10 no matter what type of device Notes: Can be reprodces any time in 100% of test cases Configuration: iPhone 6S, iPad mini 3 Attachments: 'html_with_video_embed_from_videa.hu.html' was successfully uploaded.
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!