Closed idhruvs closed 3 years ago
Hi! So this looks like it would be a new breaking change, right? No longer supporting HTTP images as icons
Yes. This would be a breaking change. However, even the Apple Developer Documentation cautions in using a "true" for this flag.
Important
You must supply a justification during App Store review if you set the key’s value to YES, as described in Provide Justification for Exceptions. Use this key with caution because it significantly reduces the security of your app. In most cases, it’s better to upgrade your servers to meet the requirements imposed by ATS, or at least to use a narrower exception.
Can this be merged? This package is failing a security scan and Apple recommends setting this flag to false. Security is more important than icons. Icons can also be sent over https.
Based on the comments of the author of terminal-notifier, this flag was initially set to true to allow using icons with http link, however, given the security issues raised by code-analysers, it is a good practice to disable usage of http.