App Transport Security

App Transport Security is a mechanism devised by Apple for its devices as an analogue of HSTS: https://forums.developer.apple.com/thread/6767

Check Server

How to check whether ATS is configured on the server:

$ nscurl --ats-diagnostics https://www.example.com

<...>
Default ATS Secure Connection
---
ATS Default Connection
Result : PASS
---
Allowing Arbitrary Loads
---
Allow All Loads
Result : PASS
---
<...>
Configuring PFS exceptions for www.example.com
---
Disabling Perfect Forward Secrecy
Result : PASS
---
<...>

If there are errors on the server side, it is better to fix them by changing the server configuration than to lower the client's ATS protection level.

ATS Disabled

Check Client

How ATS is configured is checked in Info.plist. Here is an example of disabling ATS for the application (except for the domains declared in NSExceptionDomains). For these domains you can define their own settings.

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
    <key>NSExceptionDomains</key>
    <dict>
        <key>example.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
        </dict>
    </dict>
</dict>

The application may have ATS exceptions defined to allow its normal functionality. For example, the Firefox iOS application has ATS disabled globally. This exception is acceptable because otherwise the application would not be able to connect to any HTTP website that does not meet all the ATS requirements.

General recommendations

- ATS must be configured according to Apple's best practices and deactivated only under specific circumstances (for example, a third party does not support ATS)
- If the application opens third-party web sites in web views, then from iOS 10 onwards NSAllowsArbitraryLoadsInWebContent can be used to disable ATS restrictions for the content loaded in web views

There is also the PFS mechanism

PFS - Perfect Forward Secrecy

Detailed article at NowSecure

Configuration documentation: https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW33
