Xcoders talk: App Transport Security

This past Thursday, I had the opportunity to talk at Seattle Xcoders about App Transport Security. While the talk was mostly a distillation of my previous post on the topic, there were a few new tidbits I learned during research and followup from the original post.

If you’d like to review the slides from the talk, they can be found here; a video should be forthcoming. Otherwise, a brief summary of the new tidbits from the talk is as follows.

  • ATS requirements apply at every step of a redirect. If you have a server rewriting URLs or otherwise redirecting to a different location, both that redirector and the new destination must meet ATS’s requirements.
  • It’s not possible to add dynamic ATS exceptions. Every exception must be given in your app’s Info.plist up front.
  • Playgrounds and SFSafariViewController both ignore ATS. The latter can be a great way to show user-generated Web content, such as in a social media app.

As always, if you have any questions or comments, feel free to reach out on Twitter!