Upgrade to Pro — share decks privately, control downloads, hide ads and more …

忙しい人のためのApp Transport Security

niwatako
March 03, 2017

忙しい人のためのApp Transport Security

@ try! Swift Tokyo 2017 https://www.tryswift.co/tokyo/jp
発表原稿はこちら: http://niwatako.hatenablog.jp/entry/2017/03/03/162543

WWDC2016にてATS(App Transport Security)の必須化がアナウンスされました。しかしご存知の通り、必須化は延期されました。また、iOS10で新たなATSの設定を行うInfo.plistのキーが導入されましたが、iOS10のマイナーバージョンごとに仕様が異なります。このLTでは、制度も情報も仕様も混乱しているATSを5分でマスターしていただくことに挑戦します。

niwatako

March 03, 2017
Tweet

More Decks by niwatako

Other Decks in Technology

Transcript

  1. https • different? • Hash algorithm • Digital sign •

    Encryption • … Safe HTTPS Unsafe HTTPS
  2. > What’s is the “Safe HTTPS” ? ( ɾωɾ)ͬ Information

    Property List Key Reference https://developer.apple.com/library/prerelease/content/ documentation/General/Reference/InfoPlistKeyReference/Articles/ CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW57
  3. $ nscurl --ats-diagnostics https://swift.org/ Default ATS Secure Connection --- ATS

    Default Connection 2017-03-03 09:53:51.924 nscurl[82267:6343870] N NSURLConnection HTTP load failed (kCFStreamErro Result : FAIL ---
  4. WK UI NS Safe HTTPS HTTP Unsafe HTTPS WK UI

    NS WK UI NS ATS ɹɹɹɹɹɹɹɹɹ NSAllowsArbitraryLoadsInWebContent (iOS10.0)
  5. WK UI NS Safe HTTPS HTTP Unsafe HTTPS WK UI

    NS WK UI NS iOS10.2ʙ NSAllowsArbitraryLoadsInWebContent (iOS10.2) ATS ɹɹɹɹɹɹɹɹɹ ATS
  6. WK UI NS Safe HTTPS HTTP Unsafe HTTPS WK UI

    NS WK UI NS ATS ɹɹɹɹɹɹɹɹɹ NSAllowsArbitraryLoadsInWebContent (iOS10.0)
  7. WK UI NS Safe HTTPS HTTP Unsafe HTTPS WK UI

    NS WK UI NS iOS10.2ʙ NSAllowsArbitraryLoadsInWebContent (iOS10.2) ATS ɹɹɹɹɹɹɹɹɹ ATS
  8. Important Things About ATS • There are cases that it

    does not work properly. • You should to check 
 both the specification and the actual behavior. • Behaviors are different between minor versions.