Open mfhaberlach opened 4 years ago
Thanks for your message. The SumUp SDK uses more than the listed subdomain. To configure ATS in a future-proof way, we recommend adding sumup.com to your exceptions and setting the NSIncludesSubdomains value to YES – we hope this works/helps?
@shagedorn We're keen to understand what element isn't compliant with ATS which always prefers server fixes rather than exemptions. From a security standpoint we maintain a register capturing why we're disabling it for certain dependencies and it feels like disabling it for a payment provider is a bit odd. Can you provide clarity as to why please?
Our service should be compliant with ATS so if you're using the default ATS configuration (that is, ATS enabled for all domains), you should be fine. However, ATS also allows you to enable it for specific domains only, which I assumed this question is about.
@shagedorn Thank you for clarifying. We'll keep you posted!
We have a restrictive ATS configuration for our production build, and so SumUp will not work if we build our application for production. We got it to work once we added ATS exceptions for "sumup.com" and "api.sumup.com". Are there any other domains the iOS SDK connects to?
Maybe you could document this as well for the SDK.
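For the exception register mentioned in this thread, an added example (not part of the thread and not SumUp's code): a Python check that lists each ATS exception domain in an Info.plist together with the keys, if any, that weaken ATS for it. The sample plist and the `legacy.example` domain are constructed for illustration.

```python
import plistlib

# Constructed sample Info.plist (not from the thread). legacy.example is a placeholder domain.
SAMPLE_PLIST = b"""<plist version="1.0"><dict>
<key>NSAppTransportSecurity</key><dict>
  <key>NSExceptionDomains</key><dict>
    <key>sumup.com</key><dict>
      <key>NSIncludesSubdomains</key><true/>
    </dict>
    <key>legacy.example</key><dict>
      <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
      <key>NSExceptionMinimumTLSVersion</key><string>TLSv1.0</string>
    </dict>
  </dict>
</dict>
</dict></plist>"""

GLOBAL_WEAKENERS = ("NSAllowsArbitraryLoads", "NSAllowsArbitraryLoadsInWebContent",
                    "NSAllowsArbitraryLoadsForMedia")

def audit_ats(plist_bytes):
    """Return global ATS opt-outs and, per exception domain, the keys that weaken ATS."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    report = {"global": [k for k in GLOBAL_WEAKENERS if ats.get(k) is True],
              "domains": {}}
    for domain, cfg in ats.get("NSExceptionDomains", {}).items():
        weakened_by = []
        if cfg.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            weakened_by.append("NSExceptionAllowsInsecureHTTPLoads")
        tls = cfg.get("NSExceptionMinimumTLSVersion")
        if tls in ("TLSv1.0", "TLSv1.1"):  # below the ATS default of TLS 1.2
            weakened_by.append(f"NSExceptionMinimumTLSVersion={tls}")
        if cfg.get("NSExceptionRequiresForwardSecrecy") is False:
            weakened_by.append("NSExceptionRequiresForwardSecrecy=NO")
        # An empty list means the entry only scopes ATS to the domain
        # and leaves the default TLS requirements in force.
        report["domains"][domain] = {
            "subdomains": cfg.get("NSIncludesSubdomains") is True,
            "weakened_by": weakened_by,
        }
    return report

if __name__ == "__main__":
    for name, entry in audit_ats(SAMPLE_PLIST)["domains"].items():
        print(name, entry)
```

An entry with an empty `weakened_by` list, like the `sumup.com` one in the sample, needs no security justification in the register; only entries that list a key do.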