Hi,
tl;dr: How can I treat all subdomains on domain.com as secure, except for the ones I specify in the exception list?
I am trying to configure App Transport Security to have exceptions for particular subdomains but am not having any luck. I have tried searching extensively and haven't found something that matches what I'm seeing.
My scenario is this.
During development, my app can connect to several insecure subdomains for testing different backend environments, so I need to add those domains to the exception list for ATS.
When it is time to distribute my application, it will connect to a secure subdomain on the same top-level domain as the insecure testing environment servers.
I have not been able to find a way to configure insecure subdomains and treat all others as secure.
The app, when released, will point to something like secure.domain.com.
Here's what my plist looks like.
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>insecure.domain.com</key>
        <dict>
            <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
            <false/>
        </dict>
        <key>insecure1.domain.com</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
        <key>insecure2.domain.com</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>
The app is an iOS application built with iOS SDK 9.2, for the time being.
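
A pre-release check for the configuration above, added as an example and not part of the original post: it parses an Info.plist and reports which ATS exceptions apply to a given host, so a build can confirm that secure.domain.com is not covered by any of them. It assumes an exception entry matches only its own host name unless NSIncludesSubdomains is set; the function name, the WEAKENING table and the compacted sample plist are constructed for this example.

```python
import plistlib

# Constructed sample: the exception list from the post, compacted.
SAMPLE = b"""<plist version="1.0"><dict>
<key>NSAppTransportSecurity</key><dict>
 <key>NSExceptionDomains</key><dict>
  <key>insecure.domain.com</key><dict>
   <key>NSThirdPartyExceptionRequiresForwardSecrecy</key><false/></dict>
  <key>insecure1.domain.com</key><dict>
   <key>NSExceptionAllowsInsecureHTTPLoads</key><true/></dict>
  <key>insecure2.domain.com</key><dict>
   <key>NSExceptionAllowsInsecureHTTPLoads</key><true/></dict>
 </dict>
</dict>
</dict></plist>"""

# Exception keys that relax ATS at these values (the selection is this example's choice).
WEAKENING = {
    "NSExceptionAllowsInsecureHTTPLoads": True,
    "NSThirdPartyExceptionAllowsInsecureHTTPLoads": True,
    "NSExceptionRequiresForwardSecrecy": False,
    "NSThirdPartyExceptionRequiresForwardSecrecy": False,
}

def ats_findings(plist_bytes, host):
    """Return (exception_domain, weakened_keys) pairs that apply to host."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    host = host.lower().rstrip(".")
    findings = []
    if ats.get("NSAllowsArbitraryLoads") is True:  # global switch, flagged for any host
        findings.append(("*", ["NSAllowsArbitraryLoads"]))
    for domain, opts in ats.get("NSExceptionDomains", {}).items():
        d = domain.lower()
        # An entry matches its own name; subdomains only with NSIncludesSubdomains.
        covers = host == d or (opts.get("NSIncludesSubdomains") is True
                               and host.endswith("." + d))
        weak = sorted(k for k, v in WEAKENING.items() if opts.get(k) is v)
        if covers and weak:
            findings.append((domain, weak))
    return findings

if __name__ == "__main__":
    for h in ("secure.domain.com", "insecure1.domain.com"):
        print(h, ats_findings(SAMPLE, h) or "default ATS policy applies")
```

An empty result for the release host means no listed exception relaxes ATS for it; a non-empty result names the entry to remove from the distribution build.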