Hi,
I’d like to confirm something regarding the hosting of the apple-app-site-association (AASA) file.
We have a server that publicly hosts the AASA file and is accessible globally. However, this server sits behind an additional security layer (a security server/reverse proxy).
My question is: Will this security layer affect Apple’s ability to access and validate the AASA file for Universal Links or App Clips? Are there specific requirements (e.g. headers, redirects, TLS versions, etc.) that we need to ensure the security server does not block or modify?
Any guidance or best practices would be appreciated.
Will this security layer affect Apple’s ability to access and validate the AASA file for Universal Links or App Clips?
Probably not, but it’s hard to offer a definitive answer because of this:
Are there specific requirements (e.g. headers, redirects, TLS versions, etc.) that we need to ensure the security server does not block or modify?
Yes. The AASA file needs to be available from Apple’s CDN without redirects. We call that out in the docs but also in a the super useful TN3155 Debugging universal links. A reverse proxy typically doesn’t involve a redirect, so this typically isn’t a problem. However, what’ll happen in your case depends on the specifics of the setup you’re using.
Fortunately, you can test this, as explain in TN3155.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"