sumup / sumup-ios-sdk


App Transport Security (ATS) question #89

Open mfhaberlach opened 4 years ago

mfhaberlach commented 4 years ago

We have a restrictive ATS configuration for our production build. Because of this, SumUp will not work if we build our application for production. We got it to work once we added ATS exceptions for "sumup.com" and "api.sumup.com". Are there any other domains the iOS SDK connects to?

Maybe you could document this as well for the SDK.

shagedorn commented 4 years ago

Thanks for your message. The SumUp SDK uses more than the listed subdomain. To configure ATS in a future-proof way, we recommend adding sumup.com to your exceptions and setting the NSIncludesSubdomains value to YES – we hope this works/helps?
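An added example, not code from the SumUp SDK or from anyone in this thread: a Python script that parses the NSAppTransportSecurity dictionary of an Info.plist and reports, per exception domain, which keys actually weaken ATS versus merely scoping it (an entry that carries only NSIncludesSubdomains, as suggested above, relaxes nothing). The sample plist, including the legacy.example.com entry, is constructed for illustration.

```python
import plistlib

# Constructed sample: ATS stays on globally, one scoped entry for sumup.com
# covering subdomains (as suggested in the thread), plus a second entry that
# really does relax ATS and belongs in a security exemption register.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key><dict>
    <key>NSAllowsArbitraryLoads</key><false/>
    <key>NSExceptionDomains</key><dict>
      <key>sumup.com</key><dict>
        <key>NSIncludesSubdomains</key><true/>
      </dict>
      <key>legacy.example.com</key><dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
        <key>NSExceptionMinimumTLSVersion</key><string>TLSv1.0</string>
      </dict>
    </dict>
  </dict>
</dict></plist>
"""

# Exception keys whose listed values make an entry weaker than ATS defaults
# (cleartext HTTP, no forward secrecy, TLS below 1.2).
WEAKENING = {
    "NSExceptionAllowsInsecureHTTPLoads": lambda v: v is True,
    "NSExceptionRequiresForwardSecrecy": lambda v: v is False,
    "NSExceptionMinimumTLSVersion": lambda v: v in ("TLSv1.0", "TLSv1.1"),
}


def audit_ats(plist_bytes: bytes) -> dict:
    """Return {domain: [weakening keys]} for every ATS exception domain.

    An empty list means the entry only scopes ATS (e.g. NSIncludesSubdomains)
    without relaxing it. A global NSAllowsArbitraryLoads=YES is reported
    under the pseudo-domain "*".
    """
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = {}
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings["*"] = ["NSAllowsArbitraryLoads"]
    for domain, entry in ats.get("NSExceptionDomains", {}).items():
        findings[domain] = [k for k, bad in WEAKENING.items() if k in entry and bad(entry[k])]
    return findings


if __name__ == "__main__":
    for domain, keys in audit_ats(SAMPLE_PLIST).items():
        print(f"{domain}: {'scoped only, nothing relaxed' if not keys else ', '.join(keys)}")
```

Run it against a real Info.plist by reading the file's bytes into audit_ats; any domain with a non-empty list is an exemption that needs a documented reason.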

sammcewan commented 4 years ago

@shagedorn We're keen to understand what element isn't compliant with ATS which always prefers server fixes rather than exemptions. From a security standpoint we maintain a register capturing why we're disabling it for certain dependencies and it feels like disabling it for a payment provider is a bit odd. Can you provide clarity as to why please?

shagedorn commented 4 years ago

Our service should be compliant with ATS so if you're using the default ATS configuration (that is, ATS enabled for all domains), you should be fine. However, ATS also allows you to enable it for specific domains only, which I assumed this question is about.

sammcewan commented 4 years ago

@shagedorn Thank you for clarifying. We'll keep you posted!