Api Call Error in Xcode 7 / iOS 9 (how to setup App Transport Security in plist)
In iOS9, Apple added new feature called App Transport Security(ATS).
ATS enforces best practices during network calls, including the use of HTTPS.
Apple Pre-release documentation:
ATS prevents accidental disclosure, provides secure default behavior,
and is easy to adopt. You should adopt ATS as soon as possible,
regardless of whether you’re creating a new app or updating an
existing one.If you’re developing a new app, you should use HTTPS exclusively. If
you have an existing app, you should use HTTPS as much as you can
right now, and create a plan for migrating the rest of your app as
soon as possible.
Add Below key in your info.plist & then see.
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
Even you can add specific exception,
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>testdomain.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<false/>
<key>NSExceptionAllowInsecureHTTPSLoads</key>
<false/>
<key>NSExceptionRequiresForwardSecrecy</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>
<key>NSThirdPartyExceptionAllowInsecureHTTPSLoads</key>
<false/>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<true/>
<key>NSThirdPartyExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>
<key>NSRequiresCertificateTransparency</key>
<false/>
</dict>
...
</dict>
</dict>
Transport security has blocked a cleartext HTTP
If you are using Xcode 8.0+ and Swift 2.2+ or even Objective C:
If you want to allow HTTP connections to any site, you can use this keys:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
If you know which domains you will connect to add:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>example.com</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
</dict>
The resource could not be loaded because the App Transport Security policy requires the use of a secure connection
I have solved it with adding some key in info.plist.
The steps I followed are:
Opened my Project target's
info.plist
fileAdded a Key called
NSAppTransportSecurity
as aDictionary
.Added a Subkey called
NSAllowsArbitraryLoads
asBoolean
and set its value toYES
as like following image.
Clean the Project and Now Everything is Running fine as like before.
Ref Link: https://stackoverflow.com/a/32609970
EDIT:
OR In source code of info.plist
file we can add that:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>yourdomain.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
</dict>
How do I load an HTTP URL with App Transport Security enabled in iOS 9?
See Apple’s Info.plist reference for full details (thanks @gnasher729).
You can add exceptions for specific domains in your Info.plist:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>testdomain.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>
<key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
<false/>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<true/>
<key>NSThirdPartyExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>
<key>NSRequiresCertificateTransparency</key>
<false/>
</dict>
</dict>
</dict>
All the keys for each excepted domain are optional. The speaker did not elaborate on any of the keys, but I think they’re all reasonably obvious.
(Source: WWDC 2015 session 703, “Privacy and Your App”, 30:18)
You can also ignore all app transport security restrictions with a single key, if your app has a good reason to do so:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
If your app does not have a good reason, you may risk rejection:
Setting NSAllowsArbitraryLoads to true will allow it to work, but Apple was very clear in that they intend to reject apps who use this flag without a specific reason. The main reason to use NSAllowsArbitraryLoads I can think of would be user created content (link sharing, custom web browser, etc). And in this case, Apple still expects you to include exceptions that enforce the ATS for the URLs you are in control of.
If you do need access to specific URLs that are not served over TLS 1.2, you need to write specific exceptions for those domains, not use NSAllowsArbitraryLoads set to yes. You can find more info in the NSURLSesssion WWDC session.
Please be careful in sharing the NSAllowsArbitraryLoads solution. It is not the recommended fix from Apple.
— kcharwood (thanks @marco-tolman)
App Transport Security has blocked a cleartext HTTP resource
You need to correct it like this:
To make it easier, this is the correct xml in the info.plist
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>localhost</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
change the localhost
to your actual server
Check the table for NSAppTransportSecurity options
If you want to all communications with any domain, you can do this:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
However, you should use the latest just in the developing phase.
Xcode:App Transport Security
Need to change the Settings you need to change,Target -> Info
Related Topics
Firebase Database Not Equal Request - Alternative Solution (For iOS)
Issue Comparing Uicolors in Swift
How to Queue Multiple Accessibility Notifications for Voiceover
Strange Custom Background Color on Uipickerview Swift
iOS 8 and Xcode 6 Simulator Display Out of Alignment
iOS App Breakpoints on Running
iOS - Running Background Task for Update User Location Using Swift
Get Xcode 5 to Warn About New API Calls
Swift Playground and Simulator Error (Ipc/Mig) Server Died, Unable to Boot The iOS Simulator
Swift Unrecognized Selector Sent to Instance - What Am I Missing
Swift 3 Weird Crashes (Type Inference)
Trim End Off of String in Swift, Getting Error at Runtime
How to Use Pod in Notification Service Extension
Revealviewcontroller() Always Returns Nil
Save The Exif Metadata Using The New PHPhotolibrary
Why Is Optional("Text") - Swift