Xcoders talk: App Transport Security
This past Thursday, I had the opportunity to talk at Seattle Xcoders about App Transport Security. While the talk was mostly a distillation of my previous post on the topic, there were a few new tidbits I learned during research and followup from the original post.
If you’d like to review the slides from the talk, they can be found here; a video should be forthcoming. Otherwise, a brief summary of the new tidbits from the talk is as follows.
- ATS requirements apply at every step of a redirect. If you have a server rewriting URLs or otherwise redirecting to a different location, both that redirector and the new destination must meet ATS’s requirements.
- It’s not possible to add dynamic ATS exceptions. Every exception must be given in your app’s Info.plist up front.
- Playgrounds and SFSafariViewController both ignore ATS. The latter can be a great way to show user-generated Web content, such as in a social media app.
As always, if you have any questions or comments, feel free to reach out on Twitter!