In iOS 9, I can add keys to my info.plist to disable application transport protection. There are two keys: NSExceptionAllowsInsecureHTTPLoadsand NSThirdPartyExceptionAllowsInsecureHTTPLoads, which are defined as:
An optional boolean value that, when set to YES, indicates unsafe HTTP loads. Use this key to describe the behavior of your network for your domain whose security attributes you have.
and
The version of the key NSExceptionAllowsInsecureHTTPLoads that will be used to configure connections to the domain whose security attributes you do not control.
What security attributes do they relate to? Why does it matter, what are my intentions?
What are the circumstances under which I would use one of them and not the other?
Simon source
share