Search code examples
iosuiwebviewwkwebviewnsapptransportsecurity

What is the best way of implementing App Transport Security?

I'm making a web browser and I'm in the process of finalizing the application and submitting it to the app store.

One of the things I left for last is App Transport Security.

I know it's forced so Developers use https:// instead of http:// but a web browser can't be limited like this.

Is there anything else I can do besides adding "NSAllowsArbitraryLoads: YES" to the info.plist file? enter image description here

Solution
    • For iOS 10+, you can evaluate using NSAllowsArbitraryLoadsForMedia, NSAllowsArbitraryLoadsInWebContent, NSRequiresCertificateTransparency or NSAllowsLocalNetworking instead of the highly insecure ArbitraryLoads: YES.
    • However, for a web browser application, I don't see much of an alternative besides ArbitraryLoads: YES. You can consider implementing alerting the user when loading such sites.

    This is the complete guide to ATS