Related
WKWebView doesn't load http requests, only https is working. My Url's strings are fetched from an API, so the url's links could be http and https. I did read about security, however the only thing I found was to add the following lines to the Info.plist:
<key>NSAppTransportSecurity</key>
<dict>
<key> NSAllowsArbitraryLoadsInWebContent</key>
<true/>
</dict>
However, in the .plist these keys don't exist. Is there any way to make WKWebView load http web content, and would the app be approved by the App Store?
I'm using Xcode 9.
1: Open your info.plist file from the project
2: add App Transport Security Settings in Information Property List
3: add Allow Arbitrary Loads in App Transport Security Settings
See the attached images
You can ignore all transport security restrictions with the key your provided using the following:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
I assume your example is not working due the space in the key:
<key> NSAllowsArbitraryLoadsInWebContent</key>
Try to use the same value as you did but without the space.
I am facing the Problem when I have updated my Xcode to 7.0 or iOS 9.0.
Somehow it started giving me the Titled error
"The resource could not be loaded because the App Transport Security
policy requires the use of a secure connection"
Webservice Method:
-(void)ServiceCall:(NSString*)ServiceName :(NSString *)DataString
{
NSURLSessionConfiguration *sessionConfiguration = [NSURLSessionConfiguration defaultSessionConfiguration];
[sessionConfiguration setAllowsCellularAccess:YES];
[sessionConfiguration setHTTPAdditionalHeaders:#{ #"Accept" : #"application/json" }];
NSURLSession *session = [NSURLSession sessionWithConfiguration:sessionConfiguration];
NSURL *url = [NSURL URLWithString:[NSString stringWithFormat:#"%#",ServiceURL]];
NSLog(#"URl %#%#",url,DataString);
// Configure the Request
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url];
[request setValue:[NSString stringWithFormat:#"%#=%#", strSessName, strSessVal] forHTTPHeaderField:#"Cookie"];
request.HTTPBody = [DataString dataUsingEncoding:NSUTF8StringEncoding];
request.HTTPMethod = #"Post";
// post the request and handle response
NSURLSessionDataTask *postDataTask = [session dataTaskWithRequest:request completionHandler:^(NSData *data, NSURLResponse *response, NSError *error)
{
// Handle the Response
if(error)
{
NSLog(#"%#",[NSString stringWithFormat:#"Connection failed: %#", [error description]]);
// Update the View
dispatch_async(dispatch_get_main_queue(), ^{
// Hide the Loader
[MBProgressHUD hideHUDForView:[[UIApplication sharedApplication] delegate].window animated:YES];
});
return;
}
NSArray * cookies = [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookiesForURL:request.URL];
for (NSHTTPCookie * cookie in cookies)
{
NSLog(#"%#=%#", cookie.name, cookie.value);
strSessName=cookie.name;
strSessVal=cookie.value;
}
NSString *retVal = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
}];
[postDataTask resume];
}
The service is Running fine for Xcode earlier versions and iOS previous versions But when I have updated to Xcode 7.0 that is on iOS 9.0, it started to give me the Problem like following when I am calling the above web service method. The Logged Error which I am getting is:
Connection failed: Error Domain=NSURLErrorDomain Code=-1022 "The
resource could not be loaded because the App Transport Security policy
requires the use of a secure connection."
UserInfo={NSUnderlyingError=0x7fada0f31880 {Error
Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"},
NSErrorFailingURLStringKey=MyServiceURL,
NSErrorFailingURLKey=MyServiceURL,
NSLocalizedDescription=The resource could not be loaded because the
App Transport Security policy requires the use of a secure
connection.}
I have tried Following Questions and answers but did not get any result there, is there any advance idea how I can remove that service call error?
The resource could not be loaded is ios9
App Transport Security Xcode 7 beta 6
https://stackoverflow.com/a/32609970
I have solved it with adding some key in info.plist.
The steps I followed are:
Opened my Project target's info.plist file
Added a Key called NSAppTransportSecurity as a Dictionary.
Added a Subkey called NSAllowsArbitraryLoads as Boolean and set its value to YES as like following image.
Clean the Project and Now Everything is Running fine as like before.
Ref Link: https://stackoverflow.com/a/32609970
EDIT:
OR In source code of info.plist file we can add that:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>yourdomain.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
</dict>
Be aware, using NSAllowsArbitraryLoads = true in the project's info.plist allows all connection to any server to be insecure. If you want to make sure only a specific domain is accessible through an insecure connection, try this:
Or, as source code:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>domain.com</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
</dict>
Clean & Build project after editing.
Transport security is provided in iOS 9.0 or later, and in OS X v10.11 and later.
So by default only https calls only allowed in apps. To turn off App Transport Security add following lines in info.plist file...
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
For more info:
https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW33
For iOS 10.x and Swift 3.x [below versions are also supported] just add the following lines in 'info.plist'
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
In Swift 4 You can use
->Go Info.plist
-> Click plus of Information properties list
->Add App Transport Security Settings as dictionary
-> Click Plus icon App Transport Security Settings
-> Add Allow Arbitrary Loads set YES
Bellow image look like
I have solved as plist file.
Add a NSAppTransportSecurity : Dictionary.
Add Subkey named " NSAllowsArbitraryLoads " as Boolean : YES
This is Apple's way of forcing tighter security on your apis(forced to use https over http). I'll explain how to remove this security setting.
Most answers on here point out adding this key to your info.plist
This alone did not solve this problem for me.
I had to add the same key to inside
Project -> Targets -> Info -> Custom iOS Target Properties
This will allow insecure connections to happen from anyone however. If you want to allow only a specific domain to use make insecure connections, you can add the following to your info.plist.
The resource could not be loaded because the App Transport Security policy requires the use of a secure connection working in Swift 4.03.
Open your pList.info as source code and paste:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
From Apple documentation
If you’re developing a new app, you should use HTTPS exclusively. If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible. In addition, your communication through higher-level APIs needs to be encrypted using TLS version 1.2 with forward secrecy. If you try to make a connection that doesn't follow this requirement, an error is thrown. If your app needs to make a request to an insecure domain, you have to specify this domain in your app's Info.plist file.
To Bypass App Transport Security:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>yourserver.com</key>
<dict>
<!--Include to allow subdomains-->
<key>NSIncludesSubdomains</key>
<true/>
<!--Include to allow HTTP requests-->
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<!--Include to specify minimum TLS version-->
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
To allow all insecure domains
<key>NSAppTransportSecurity</key>
<dict>
<!--Include to allow all connections (DANGER)-->
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
Read More: Configuring App Transport Security Exceptions in iOS 9 and OSX 10.11
If you are using Xcode 8.0 and swift 3.0 or 2.2
In Xcode 7.1 onwards(swift 2.0)
In XCode 12.5. IOS 14. I made following entries
This is how info.plist source code looks like
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
If you are not a big fan of XML, then just add below tag in your plist file.
iOS 9 (may) force developers to use App Transport Security exclusively. I overheard this somewhere randomly so I don't know whether this is true myself. But I suspect it and have come to this conclusion:
The app running on iOS 9 will (maybe) no longer connect to a Meteor server without SSL.
This means running meteor run ios or meteor run ios-device will (probably?) no longer work.
In the app's info.plist, NSAppTransportSecurity [Dictionary] needs to have a key NSAllowsArbitraryLoads [Boolean] to be set to YES or Meteor needs to use https for its localhost server soon.
If you are using Xcode 8.0 to 8.3.3 and swift 2.2 to 3.0
In my case need to change in URL http:// to https:// (if not working then try)
Add an App Transport Security Setting: Dictionary.
Add a NSAppTransportSecurity: Dictionary.
Add a NSExceptionDomains: Dictionary.
Add a yourdomain.com: Dictionary. (Ex: stackoverflow.com)
Add Subkey named " NSIncludesSubdomains" as Boolean: YES
Add Subkey named " NSExceptionAllowsInsecureHTTPLoads" as Boolean: YES
For those of you developing on localhost follow these steps:
Tap the "+" button next to Information Property List and add App Transport Security Settings and assign it a Dictionary Type
Tap the "+" button next to the newly created App Transport Security Settings entry and add NSExceptionAllowsInsecureHTTPLoads of type Boolean and set its value to YES.
Right click on NSExceptionAllowsInsecureHTTPLoads entry and click the "Shift Row Right" option to make it a child of the above entry.
Tap the "+" button next to the NSExceptionAllowsInsecureHTTPLoads entry and add Allow Arbitrary Loads of type Boolean and set its value to YES
Note: It should in the end look something like presented in the following picture
You just need to use HTTPS and not HTTP in your URL and it will work
Make sure you change the right info.plist file.
This is the second time I waste time on this issue, because I didn't notice that I'm changing info.plist under MyProjectNameUITests.
If you use firebase, it will add NSAllowsArbitraryLoadsInWebContent = true in the NSAppTransportSecurity section, and NSAllowsArbitraryLoads = true will not work
I managed to solve this with a combination of many of the mentioned options. I’ll include a checklist of all of the things I had to do to get this to work.
In short:
Set NSAllowsArbitraryLoads to true for my watch extension (not my watch app).
Ensure I was using https and not http.
Step one:
Firstly and most obviously I had to add an NSAppTransportSecurity key as a dictionary in my watch extension’s info.plist with a subkey called NSAllowsArbitraryLoads as a boolean set to true. Only set this in the watch extension and not the watch app’s plist. Although take note that this allows all connections and could be insecure.
or
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
Step two:
Then I had to make sure that the url I was trying to load was https and not just http. For any urls that were still http I used:
Swift:
let newURLString = oldURLString.stringByReplacingOccurrencesOfString("http", withString: "https")
Obj-C:
NSString *newURLString = [oldURLString stringByReplacingOccurrencesOfString:#“http” withString:#“https”];
Open your pList.info as Source Code and at bottom just before </dict> add following code,
<!--By Passing-->
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>your.domain.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>1.0</string>
<key>NSTemporaryExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
</dict>
<!--End Passing-->
And finally change your.domain.com with your base Url. Thanks.
For XCode 13, adding Allow Arbitrary Loads isn't such a trivial job. Because by default there is no key named App Transport Security Settings.
You have to discover how to add a new root level key, by pressing any of the plus buttons that you see under Info/Custom iOS Target Properties.
See details in this link:
https://stackoverflow.com/a/72400983/1644618
I have solved this issue in the case of a self hosted parse-server using a one year signed certificate rather than the option "NSAllowsArbitraryLoads"
Parse Server as any node.js server presents a public https url that you have to specify. For instance:
parse-server --appId --masterKey --publicServerURL https://your.public.url/some_nodejs
Feel free to give a look to my configuration files
It is recommended to use https calls only in Apps. Transport security was introduced in iOS 9.0, allowing only https calls from apps by default.
However, if you still want to allow all non https calls -
Add NSAppTransportSecurity (Dictionary) in Info.plist and
Add Subkey named NSAllowsArbitraryLoads with the boolean value YES.
After update, plist should look like
STEPS
Open Info.plist
Click + under the Information properties list
Add App Transport Security Settings(NSAppTransportSecurity) as a dictionary
Click + under added App Transport Security Settings
Add Allow Arbitrary Loads(NSAllowsArbitraryLoads) as boolean and set the value to YES
I am facing the Problem when I have updated my Xcode to 7.0 or iOS 9.0.
Somehow it started giving me the Titled error
"The resource could not be loaded because the App Transport Security
policy requires the use of a secure connection"
Webservice Method:
-(void)ServiceCall:(NSString*)ServiceName :(NSString *)DataString
{
NSURLSessionConfiguration *sessionConfiguration = [NSURLSessionConfiguration defaultSessionConfiguration];
[sessionConfiguration setAllowsCellularAccess:YES];
[sessionConfiguration setHTTPAdditionalHeaders:#{ #"Accept" : #"application/json" }];
NSURLSession *session = [NSURLSession sessionWithConfiguration:sessionConfiguration];
NSURL *url = [NSURL URLWithString:[NSString stringWithFormat:#"%#",ServiceURL]];
NSLog(#"URl %#%#",url,DataString);
// Configure the Request
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url];
[request setValue:[NSString stringWithFormat:#"%#=%#", strSessName, strSessVal] forHTTPHeaderField:#"Cookie"];
request.HTTPBody = [DataString dataUsingEncoding:NSUTF8StringEncoding];
request.HTTPMethod = #"Post";
// post the request and handle response
NSURLSessionDataTask *postDataTask = [session dataTaskWithRequest:request completionHandler:^(NSData *data, NSURLResponse *response, NSError *error)
{
// Handle the Response
if(error)
{
NSLog(#"%#",[NSString stringWithFormat:#"Connection failed: %#", [error description]]);
// Update the View
dispatch_async(dispatch_get_main_queue(), ^{
// Hide the Loader
[MBProgressHUD hideHUDForView:[[UIApplication sharedApplication] delegate].window animated:YES];
});
return;
}
NSArray * cookies = [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookiesForURL:request.URL];
for (NSHTTPCookie * cookie in cookies)
{
NSLog(#"%#=%#", cookie.name, cookie.value);
strSessName=cookie.name;
strSessVal=cookie.value;
}
NSString *retVal = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
}];
[postDataTask resume];
}
The service is Running fine for Xcode earlier versions and iOS previous versions But when I have updated to Xcode 7.0 that is on iOS 9.0, it started to give me the Problem like following when I am calling the above web service method. The Logged Error which I am getting is:
Connection failed: Error Domain=NSURLErrorDomain Code=-1022 "The
resource could not be loaded because the App Transport Security policy
requires the use of a secure connection."
UserInfo={NSUnderlyingError=0x7fada0f31880 {Error
Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"},
NSErrorFailingURLStringKey=MyServiceURL,
NSErrorFailingURLKey=MyServiceURL,
NSLocalizedDescription=The resource could not be loaded because the
App Transport Security policy requires the use of a secure
connection.}
I have tried Following Questions and answers but did not get any result there, is there any advance idea how I can remove that service call error?
The resource could not be loaded is ios9
App Transport Security Xcode 7 beta 6
https://stackoverflow.com/a/32609970
I have solved it with adding some key in info.plist.
The steps I followed are:
Opened my Project target's info.plist file
Added a Key called NSAppTransportSecurity as a Dictionary.
Added a Subkey called NSAllowsArbitraryLoads as Boolean and set its value to YES as like following image.
Clean the Project and Now Everything is Running fine as like before.
Ref Link: https://stackoverflow.com/a/32609970
EDIT:
OR In source code of info.plist file we can add that:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>yourdomain.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
</dict>
Be aware, using NSAllowsArbitraryLoads = true in the project's info.plist allows all connection to any server to be insecure. If you want to make sure only a specific domain is accessible through an insecure connection, try this:
Or, as source code:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>domain.com</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
</dict>
Clean & Build project after editing.
Transport security is provided in iOS 9.0 or later, and in OS X v10.11 and later.
So by default only https calls only allowed in apps. To turn off App Transport Security add following lines in info.plist file...
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
For more info:
https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW33
For iOS 10.x and Swift 3.x [below versions are also supported] just add the following lines in 'info.plist'
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
In Swift 4 You can use
->Go Info.plist
-> Click plus of Information properties list
->Add App Transport Security Settings as dictionary
-> Click Plus icon App Transport Security Settings
-> Add Allow Arbitrary Loads set YES
Bellow image look like
I have solved as plist file.
Add a NSAppTransportSecurity : Dictionary.
Add Subkey named " NSAllowsArbitraryLoads " as Boolean : YES
This is Apple's way of forcing tighter security on your apis(forced to use https over http). I'll explain how to remove this security setting.
Most answers on here point out adding this key to your info.plist
This alone did not solve this problem for me.
I had to add the same key to inside
Project -> Targets -> Info -> Custom iOS Target Properties
This will allow insecure connections to happen from anyone however. If you want to allow only a specific domain to use make insecure connections, you can add the following to your info.plist.
The resource could not be loaded because the App Transport Security policy requires the use of a secure connection working in Swift 4.03.
Open your pList.info as source code and paste:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
From Apple documentation
If you’re developing a new app, you should use HTTPS exclusively. If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible. In addition, your communication through higher-level APIs needs to be encrypted using TLS version 1.2 with forward secrecy. If you try to make a connection that doesn't follow this requirement, an error is thrown. If your app needs to make a request to an insecure domain, you have to specify this domain in your app's Info.plist file.
To Bypass App Transport Security:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>yourserver.com</key>
<dict>
<!--Include to allow subdomains-->
<key>NSIncludesSubdomains</key>
<true/>
<!--Include to allow HTTP requests-->
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<!--Include to specify minimum TLS version-->
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
To allow all insecure domains
<key>NSAppTransportSecurity</key>
<dict>
<!--Include to allow all connections (DANGER)-->
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
Read More: Configuring App Transport Security Exceptions in iOS 9 and OSX 10.11
If you are using Xcode 8.0 and swift 3.0 or 2.2
In Xcode 7.1 onwards(swift 2.0)
In XCode 12.5. IOS 14. I made following entries
This is how info.plist source code looks like
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
If you are not a big fan of XML, then just add below tag in your plist file.
iOS 9 (may) force developers to use App Transport Security exclusively. I overheard this somewhere randomly so I don't know whether this is true myself. But I suspect it and have come to this conclusion:
The app running on iOS 9 will (maybe) no longer connect to a Meteor server without SSL.
This means running meteor run ios or meteor run ios-device will (probably?) no longer work.
In the app's info.plist, NSAppTransportSecurity [Dictionary] needs to have a key NSAllowsArbitraryLoads [Boolean] to be set to YES or Meteor needs to use https for its localhost server soon.
If you are using Xcode 8.0 to 8.3.3 and swift 2.2 to 3.0
In my case need to change in URL http:// to https:// (if not working then try)
Add an App Transport Security Setting: Dictionary.
Add a NSAppTransportSecurity: Dictionary.
Add a NSExceptionDomains: Dictionary.
Add a yourdomain.com: Dictionary. (Ex: stackoverflow.com)
Add Subkey named " NSIncludesSubdomains" as Boolean: YES
Add Subkey named " NSExceptionAllowsInsecureHTTPLoads" as Boolean: YES
For those of you developing on localhost follow these steps:
Tap the "+" button next to Information Property List and add App Transport Security Settings and assign it a Dictionary Type
Tap the "+" button next to the newly created App Transport Security Settings entry and add NSExceptionAllowsInsecureHTTPLoads of type Boolean and set its value to YES.
Right click on NSExceptionAllowsInsecureHTTPLoads entry and click the "Shift Row Right" option to make it a child of the above entry.
Tap the "+" button next to the NSExceptionAllowsInsecureHTTPLoads entry and add Allow Arbitrary Loads of type Boolean and set its value to YES
Note: It should in the end look something like presented in the following picture
You just need to use HTTPS and not HTTP in your URL and it will work
Make sure you change the right info.plist file.
This is the second time I waste time on this issue, because I didn't notice that I'm changing info.plist under MyProjectNameUITests.
If you use firebase, it will add NSAllowsArbitraryLoadsInWebContent = true in the NSAppTransportSecurity section, and NSAllowsArbitraryLoads = true will not work
I managed to solve this with a combination of many of the mentioned options. I’ll include a checklist of all of the things I had to do to get this to work.
In short:
Set NSAllowsArbitraryLoads to true for my watch extension (not my watch app).
Ensure I was using https and not http.
Step one:
Firstly and most obviously I had to add an NSAppTransportSecurity key as a dictionary in my watch extension’s info.plist with a subkey called NSAllowsArbitraryLoads as a boolean set to true. Only set this in the watch extension and not the watch app’s plist. Although take note that this allows all connections and could be insecure.
or
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
Step two:
Then I had to make sure that the url I was trying to load was https and not just http. For any urls that were still http I used:
Swift:
let newURLString = oldURLString.stringByReplacingOccurrencesOfString("http", withString: "https")
Obj-C:
NSString *newURLString = [oldURLString stringByReplacingOccurrencesOfString:#“http” withString:#“https”];
Open your pList.info as Source Code and at bottom just before </dict> add following code,
<!--By Passing-->
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>your.domain.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>1.0</string>
<key>NSTemporaryExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
</dict>
<!--End Passing-->
And finally change your.domain.com with your base Url. Thanks.
For XCode 13, adding Allow Arbitrary Loads isn't such a trivial job. Because by default there is no key named App Transport Security Settings.
You have to discover how to add a new root level key, by pressing any of the plus buttons that you see under Info/Custom iOS Target Properties.
See details in this link:
https://stackoverflow.com/a/72400983/1644618
I have solved this issue in the case of a self hosted parse-server using a one year signed certificate rather than the option "NSAllowsArbitraryLoads"
Parse Server as any node.js server presents a public https url that you have to specify. For instance:
parse-server --appId --masterKey --publicServerURL https://your.public.url/some_nodejs
Feel free to give a look to my configuration files
It is recommended to use https calls only in Apps. Transport security was introduced in iOS 9.0, allowing only https calls from apps by default.
However, if you still want to allow all non https calls -
Add NSAppTransportSecurity (Dictionary) in Info.plist and
Add Subkey named NSAllowsArbitraryLoads with the boolean value YES.
After update, plist should look like
STEPS
Open Info.plist
Click + under the Information properties list
Add App Transport Security Settings(NSAppTransportSecurity) as a dictionary
Click + under added App Transport Security Settings
Add Allow Arbitrary Loads(NSAllowsArbitraryLoads) as boolean and set the value to YES
What might be wrong if my class responsible for connection works when I run on simulator with iOS8, but it is not going to work with simulator on iOS9. What is the reason?
If you are loading a non-https URL using AFNetworking, you need to add an App Transport Security override in your info.plist file like this:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key><true/>
</dict>
You can also add overrides for specific domains, which is a better approach. More info here:
http://ste.vn/2015/06/10/configuring-app-transport-security-ios-9-osx-10-11/
In iOS 9, Apple is blocking insecure HTTP connections for apps, unless specific hosts are whitelisted.
http://ste.vn/2015/06/10/configuring-app-transport-security-ios-9-osx-10-11/
Are WebView(s) exempt from these rules for obvious reasons, or are we still expected to whitelist hosts that a browser opens... including all links from a given page?
I wasn't sure if this was our responsibility or if that was exempt.
SFSafariViewController can show HTTP without the NSAppTransportSecurity key.
UIWebView and WKWebView require the NSAppTransportSecurity key mentioned above to display HTTP pages.
I have inserted the following in my apps .plist per the Apple Guidance:
<key>NSAppTransportSecurity</key>
<dict>
<!--Include to allow all connections - with and without SSL (DANGEROUS)-->
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
and when I try to load my webView (from an HTTPS server no less), I get the following error and it doesn't load.
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
So I it looks like not only are they not exempt, they don't work even if you make the correct addition to the .plist.
This question was originally about iOS 9; however, according to Apple's documentation:
Starting in iOS 10.0 and later, the following subkeys are supported:
NSAllowsArbitraryLoadsInWebContent
...
Use NSAllowsArbitraryLoadsInWebContent so that you do not need to white list each page a WebView may load.
Keep NSAllowsArbitraryLoads to maintain backward compatibility with iOS 9 and enable the new setting in your Xcode 8 project Info.plist here:
If your app (a third-party web browser, for instance) needs to load arbitrary content, Apple provides a way to disable ATS altogether, but I suspect it’s wise for you to use this capability sparingly:
<key>NSAppTransportSecurity</key>
<dict>
<!--Include to allow all connections (DANGER)-->
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>