I am attempting to send a http:// request however, ATS keeps blocking my request. I have turned on Allow Arbitrary Loads in the Info.plist and it still gives me the same error:
App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
You can add exceptions for specific domains in your Info.plist
You can bypass this by adding this key to your info.plist of the project
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
Your dictionary App Transport Security Settings should be named NSAppTransportSecurity. And there should be only one thing in there which is NSAllowsArbitraryLoads boolean. Something like this.
Related
Even after adding App Transport Security Settings and Allow Arbitrary Loads under it I'm still getting the same error -
"App Transport Security has blocked a cleartext HTTP (http://) resource load
since it is insecure. Temporary exceptions can be configured via your app's
Info.plist file."
also couldn't figure out why the value of 'App Transport Security Settings' on the right side of the table is showing 0
You should add Allow Arbitrary Loads inside App Transport Security Settings dictionary, like this:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
Just adding to the above (yes it does still work at time of writing). For development purposes this works, but you won't be able to publish beyond 100 users in your Test Flight.
If you intend to push the app to the public or a Beta group you'll need to move to HTTPS or have very good reasons for the HTTP. See more here: https://developer.apple.com/documentation/security/preventing_insecure_network_connections
WKWebView doesn't load http requests, only https is working. My Url's strings are fetched from an API, so the url's links could be http and https. I did read about security, however the only thing I found was to add the following lines to the Info.plist:
<key>NSAppTransportSecurity</key>
<dict>
<key> NSAllowsArbitraryLoadsInWebContent</key>
<true/>
</dict>
However, in the .plist these keys don't exist. Is there any way to make WKWebView load http web content, and would the app be approved by the App Store?
I'm using Xcode 9.
1: Open your info.plist file from the project
2: add App Transport Security Settings in Information Property List
3: add Allow Arbitrary Loads in App Transport Security Settings
See the attached images
You can ignore all transport security restrictions with the key your provided using the following:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
I assume your example is not working due the space in the key:
<key> NSAllowsArbitraryLoadsInWebContent</key>
Try to use the same value as you did but without the space.
guys. I set my info.plist as the picture
however,there is still the problem there:" App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
" . I update my Xcode yestoday. the vision is 7.1 . and simulator`s vision is 9.1
Is there similer question here?
Open Info.plist and change that text with NSAllowsArbitraryLoads and your issue will be resolved.
Or open Info.plist file in Source Code mode and replace the following lines:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
Run my app on iOS 9 device,
got error logged:
App Transport Security has blocked a cleartext HTTP (http://) resource
load since it is insecure. Temporary exceptions can be configured via
your app's Info.plist file.
I surely did add NSAllowsArbitraryLoads to info.plist:
It still loaded nothing from the web...
What did I miss?
Do I have to allow the certain domain for my web service ?
I have found how to fix this query.
Ref->How do I load an HTTP URL with App Transport Security enabled in iOS 9?
-> Open Plist File of your project.
-> Then add NSAppTransportSecurity as a Dictionary.
-> Then add NSAllowsArbitraryLoads as Boolean and set its value to YES.
Now, Clean your project and run your project.
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
please add these line in your plist 1- go to plist 2- right click and go to open as -> source code 3- paste these line in source code
In iOS 9, Apple is blocking insecure HTTP connections for apps, unless specific hosts are whitelisted.
http://ste.vn/2015/06/10/configuring-app-transport-security-ios-9-osx-10-11/
Are WebView(s) exempt from these rules for obvious reasons, or are we still expected to whitelist hosts that a browser opens... including all links from a given page?
I wasn't sure if this was our responsibility or if that was exempt.
SFSafariViewController can show HTTP without the NSAppTransportSecurity key.
UIWebView and WKWebView require the NSAppTransportSecurity key mentioned above to display HTTP pages.
I have inserted the following in my apps .plist per the Apple Guidance:
<key>NSAppTransportSecurity</key>
<dict>
<!--Include to allow all connections - with and without SSL (DANGEROUS)-->
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
and when I try to load my webView (from an HTTPS server no less), I get the following error and it doesn't load.
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
So I it looks like not only are they not exempt, they don't work even if you make the correct addition to the .plist.
This question was originally about iOS 9; however, according to Apple's documentation:
Starting in iOS 10.0 and later, the following subkeys are supported:
NSAllowsArbitraryLoadsInWebContent
...
Use NSAllowsArbitraryLoadsInWebContent so that you do not need to white list each page a WebView may load.
Keep NSAllowsArbitraryLoads to maintain backward compatibility with iOS 9 and enable the new setting in your Xcode 8 project Info.plist here:
If your app (a third-party web browser, for instance) needs to load arbitrary content, Apple provides a way to disable ATS altogether, but I suspect it’s wise for you to use this capability sparingly:
<key>NSAppTransportSecurity</key>
<dict>
<!--Include to allow all connections (DANGER)-->
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>