###多任务模式
默认情况下iPadAir2开始支持了多任务模式,虽然看起来不错。但是这个功能给一些旧项目带来了一个问题,All interface orientations must be supported unless the app requires full screen.
也就是在默认情况下,你的应用需要支持所有设备方向(上下左右),或者是在项目如下图,在项目设置中勾上Requires full screen可去掉这个编译警告。
###App Transport Security
从iOS9开始,默认关于网络通信请求都需要是加密的,且加密方式还要是TLS 1.2 withforward secrecy。这一个蛋疼的更新就基本上消灭了99%以上的服务器了,直接造成App无法访问,会提示网站不可信任的异常。
当然Apple默认也提供了一个避免使用默认设置的配置方法。(修改Info.Plist文件)
####取消ATS设定方法(基本就是回到iOS8时代)
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
####忽视指定域名
设定的时候要注意的是,如果将NSIncludesSubdomains设为true的时候,那么会默认也忽视其下的子域名。
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>domain1.jp</key>
<dict>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
<key>domain2.jp</key>
<dict>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
</dict>
####官方说明 App Transport Security (ATS) enforces best practices in the secure connections between an app and its back end. ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt; it is also on by default in iOS 9 and OS X v10.11. You should adopt ATS as soon as possible, regardless of whether you’re creating a new app or updating an existing one. If you’re developing a new app, you should use HTTPS exclusively. If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible. In addition, your communication through higher-level APIs needs to be encrypted using TLS version 1.2 with forward secrecy. If you try to make a connection that doesn't follow this requirement, an error is thrown. If your app needs to make a request to an insecure domain, you have to specify this domain in your app's Info.plist file. These are the App Transport Security requirements: The server must support at least Transport Layer Security (TLS) protocol version 1.2. Connection ciphers are limited to those that provide forward secrecy (see the list of ciphers below.) Certificates must be signed using a SHA256 or greater signature hash algorithm, with either a 2048-bit or greater RSA key or a 256-bit or greater Elliptic-Curve (ECC) key. Invalid certificates result in a hard failure and no connection.
These are the accepted ciphers:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
####Info.plist keys: Structure and types
| Key | Type |
|---|---|
| NSAppTransportSecurity | Dictionary |
| NSAllowsArbitraryLoads | Boolean |
| NSExceptionDomains | Dictionary |
| <domain-name-for-exception-as-string> | Dictionary |
| NSExceptionMinimumTLSVersion | String |
| NSExceptionRequiresForwardSecrecy | Boolean |
| NSExceptionAllowsInsecureHTTPLoads | Boolean |
| NSIncludesSubdomains | Boolean |
| NSThirdPartyExceptionMinimumTLSVersion | String |
| NSThirdPartyExceptionRequiresForwardSecrecy | Boolean |
| NSThirdPartyExceptionAllowsInsecureHTTPLoads | Boolean |
####NSAppTransportSecurity A dictionary containing the settings for overriding default App Transport Security behaviors. The top level key for the app’s Info.plist file.
####NSAllowsArbitraryLoads A Boolean value used to disable App Transport Security for any domains not listed in the NSExceptionDomains dictionary. Listed domains use the settings specified for that domain.
The default value of NOfalse requires the default App Transport Security behavior for all connections.
####NSExceptionDomains A dictionary of App Transport Security exceptions for specific domains. Each key is a string containing the domain name for the exceptions.
####<domain-name-for-exception-as-string> A dictionary of exceptions for the named domain. The name of the key is the name of the domain–for example, www.apple.com.
####NSExceptionMinimumTLSVersion A string that specifies a the minimum TLS version for connections. Valid values are:
- TLSv1.0
- TLSv1.1
- TLSv1.2
- TLSV1.2 is the default value.
####NSExceptionRequiresForwardSecrecy A Boolean value for overriding the requirement that the domain support forward secrecy using ciphers.
YEStrue is the default value and limits the ciphers to those shown in Default Behavior.
Setting the value to NOfalse adds the following the list of accepted ciphers:
- TLSRSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_128_CBC_SHA
####NSExceptionAllowsInsecureHTTPLoads A Boolean value for overriding the requirement that all connections use HTTPS. Use this key to access domains with no certificate, or with an error for a self-signed, expired, or hostname-mismatch certificate.
NOfalse is the default value.
####NSIncludesSubdomains A Boolean value for applying the overrides to all subdomains of the top-level domain.
NOfalse is the default value.
####NSThirdPartyExceptionMinimumTLSVersion A version of NSExceptionMinimumTLSVersion used when the domain is an app service that is not controlled by the developer.
####NSThirdPartyExceptionRequiresForwardSecrecy A version of NSExceptionRequiresForwardSecrecy used when the domain is an app service that is not controlled by the developer.
####NSThirdPartyExceptionAllowsInsecureHTTPLoads A version of NSExceptionAllowsInsecureHTTPLoads used when the domain is an app service that is not controlled by the developer.
来源:oschina
链接:https://my.oschina.net/u/878346/blog/523539