问题描述

在安全性方面，将 localhost 添加到ATS NSExceptionDomains 以供开发使用是否安全？在每次提交之前从 Info.plist 文件中删除这些行不是很方便（并且很容易忘记）。

Is it safe, in terms of security, to add localhost to ATS NSExceptionDomains for development use? It's not very convenient (and it's easy to forget) to remove those lines from Info.plist file before every commit.

<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>localhost</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>

此外，Apple可以拒绝该申请吗？

Additionally, can Apple reject the application because of this?

推荐答案

您现在可以为本地地址执行此操作：

You can now do this for local addresses:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsLocalNetworking</key>
    <true/>
</dict>

Apple已将此密钥保存为ATS例外 - 它已表示不会拒绝使用它的应用程序。更多信息：（在本地页面搜索）

Apple has blessed this key as an ATS exception — it has said it will not reject apps for using it. More info here: https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html (search in page for "local")

这篇关于将localhost添加到App Transport Security（ATS）NSExceptionDomains是否安全？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！