search

readium / SDKLauncher-iOS

A small iOS application to serve as a launcher/testbed for the Readium SDK.
BSD 3-Clause "New" or "Revised" License
71 stars 47 forks source link

add security exception for ios9 non-https requests #63

Closed bluefirepatrick closed 9 years ago

bluefirepatrick commented 9 years ago

This fixes the error that is caused in the launcher when non https resources are loaded due to the new security restrictions in iOS 9

danielweck commented 9 years ago

Thanks, but let's merge to develop, not master :)

danielweck commented 9 years ago

By the way, given that some EPUB3 e-books may contain references to non-secured (not HTTPS) external audio/video media assets, it does seem to make sense to use the proposed "allow everything" strategy:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

In theory, it should be possible to specify an HTTP whitelist, but because this would have to be based on known domains, it is probably unrealistic:

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>readium.org</key> <!-- what about 127.0.0.1 ? -->
    <dict>
      <key>NSIncludesSubdomains</key>
      <true/>
      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
      <true/>
    </dict>
  </dict>
</dict>
bluefirepatrick commented 9 years ago

Oops, meant for pull request to be for 'develop' thanks

danielweck commented 8 years ago

Moved here: https://github.com/readium/SDKLauncher-iOS/pull/64