API Call Error in Xcode 7/iOS 9 (How to Setup App Transport Security in Plist)

  • Home
  • Languages
  • iOS
  • API Call Error in Xcode 7/iOS 9 (How to Setup App Transport Security in Plist)

Api Call Error in Xcode 7 / iOS 9 (how to setup App Transport Security in plist)

In iOS9, Apple added new feature called App Transport Security(ATS).

ATS enforces best practices during network calls, including the use of HTTPS.

Apple Pre-release documentation:

ATS prevents accidental disclosure, provides secure default behavior,
and is easy to adopt. You should adopt ATS as soon as possible,
regardless of whether you’re creating a new app or updating an
existing one.

If you’re developing a new app, you should use HTTPS exclusively. If
you have an existing app, you should use HTTPS as much as you can
right now, and create a plan for migrating the rest of your app as
soon as possible.

Add Below key in your info.plist & then see.

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

Even you can add specific exception, 

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>testdomain.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <false/>
            <key>NSExceptionAllowInsecureHTTPSLoads</key>
            <false/>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <true/>
            <key>NSExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <key>NSThirdPartyExceptionAllowInsecureHTTPSLoads</key>
            <false/>
            <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
            <true/>
            <key>NSThirdPartyExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <key>NSRequiresCertificateTransparency</key>
            <false/>
        </dict>

        ...

    </dict>
</dict>

Transport security has blocked a cleartext HTTP

If you are using Xcode 8.0+ and Swift 2.2+ or even Objective C:

Sample Image

If you want to allow HTTP connections to any site, you can use this keys:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

If you know which domains you will connect to add:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>example.com</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSIncludesSubdomains</key>
            <true/>
        </dict>
    </dict>
</dict>

The resource could not be loaded because the App Transport Security policy requires the use of a secure connection

I have solved it with adding some key in info.plist.
The steps I followed are:

  1. Opened my Project target's info.plist file

  2. Added a Key called NSAppTransportSecurity as a Dictionary.

  3. Added a Subkey called NSAllowsArbitraryLoads as Boolean and set its value to YES as like following image.

Sample Image

Clean the Project and Now Everything is Running fine as like before.

Ref Link: https://stackoverflow.com/a/32609970

EDIT:
OR In source code of info.plist file we can add that:

<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
        <key>NSExceptionDomains</key>
        <dict>
            <key>yourdomain.com</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
                <false/>
            </dict>
       </dict>
  </dict>

How do I load an HTTP URL with App Transport Security enabled in iOS 9?

See Apple’s Info.plist reference for full details (thanks @gnasher729).

You can add exceptions for specific domains in your Info.plist:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>testdomain.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <true/>
            <key>NSExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <false/>
            <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
            <true/>
            <key>NSThirdPartyExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <key>NSRequiresCertificateTransparency</key>
            <false/>
        </dict>
    </dict>
</dict>

All the keys for each excepted domain are optional. The speaker did not elaborate on any of the keys, but I think they’re all reasonably obvious.

(Source: WWDC 2015 session 703, “Privacy and Your App”, 30:18)

You can also ignore all app transport security restrictions with a single key, if your app has a good reason to do so:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

If your app does not have a good reason, you may risk rejection:

Setting NSAllowsArbitraryLoads to true will allow it to work, but Apple was very clear in that they intend to reject apps who use this flag without a specific reason. The main reason to use NSAllowsArbitraryLoads I can think of would be user created content (link sharing, custom web browser, etc). And in this case, Apple still expects you to include exceptions that enforce the ATS for the URLs you are in control of.

If you do need access to specific URLs that are not served over TLS 1.2, you need to write specific exceptions for those domains, not use NSAllowsArbitraryLoads set to yes. You can find more info in the NSURLSesssion WWDC session.

Please be careful in sharing the NSAllowsArbitraryLoads solution. It is not the recommended fix from Apple.

— kcharwood (thanks @marco-tolman)

App Transport Security has blocked a cleartext HTTP resource

You need to correct it like this:

Sample Image

To make it easier, this is the correct xml in the info.plist

<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSExceptionDomains</key>
        <dict>
            <key>localhost</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSTemporaryExceptionMinimumTLSVersion</key>
                <string>TLSv1.1</string>
            </dict>
        </dict>
    </dict>

change the localhost to your actual server

Check the table for NSAppTransportSecurity options

If you want to all communications with any domain, you can do this:

 <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
    </dict>

However, you should use the latest just in the developing phase.

Xcode:App Transport Security

Need to change the Settings you need to change,Target -> Info
Sample Image


Related Topics

Firebase Database Not Equal Request - Alternative Solution (For iOS)

Issue Comparing Uicolors in Swift

How to Queue Multiple Accessibility Notifications for Voiceover

Strange Custom Background Color on Uipickerview Swift

iOS 8 and Xcode 6 Simulator Display Out of Alignment

iOS App Breakpoints on Running

iOS - Running Background Task for Update User Location Using Swift

Get Xcode 5 to Warn About New API Calls

Swift Playground and Simulator Error (Ipc/Mig) Server Died, Unable to Boot The iOS Simulator

Swift Unrecognized Selector Sent to Instance - What Am I Missing

Swift 3 Weird Crashes (Type Inference)

Trim End Off of String in Swift, Getting Error at Runtime

How to Use Pod in Notification Service Extension

Revealviewcontroller() Always Returns Nil

Save The Exif Metadata Using The New PHPhotolibrary

Why Is Optional("Text") - Swift

Programmatically Change Splash Screen in iOS

Add a UIbutton as a Subview to a UItabbar


Leave a reply



Submit