App Transport Security Does Not Work Any More with iOS 11 Xcode 9

The resource could not be loaded because the App Transport Security policy requires the use of a secure connection

I have solved it with adding some key in info.plist.
The steps I followed are:

  1. Opened my Project target's info.plist file

  2. Added a Key called NSAppTransportSecurity as a Dictionary.

  3. Added a Subkey called NSAllowsArbitraryLoads as Boolean and set its value to YES as like following image.

Sample Image

Clean the Project and Now Everything is Running fine as like before.

Ref Link: https://stackoverflow.com/a/32609970

EDIT:
OR In source code of info.plist file we can add that:

<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>yourdomain.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
</dict>

Transport security has blocked a cleartext HTTP

If you are using Xcode 8.0+ and Swift 2.2+ or even Objective C:

Sample Image

If you want to allow HTTP connections to any site, you can use this keys:

<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>

If you know which domains you will connect to add:

<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>example.com</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
</dict>

Disable App Transport Security in Xcode 9.2?

I didn't originally put it together, but I think what is happening is that with iOS 11, Apple is supporting HSTS. I believe that support for HSTS preload lists, in combination with Google recently adding the .dev TLD to the HSTS preload list, is likely causing iOS to try to force you to use https, which is failing (I missed that you are trying to use a .dev local domain for testing, which is really the key element here).

I think your only solution is to change your local testing domain to something other than a .dev domain. If you do that, you should be able to connect, and it won't try to force you to https on your local dev environment.

In short, Google has gotten rights to the .dev top level domain, and recently added it to the HSTS preload list to force all communication with .dev domains to be secure. On devices that support HSTS preload lists, this causes all traffic to redirect through HTTPS, which will cause errors on servers that don't support HTTPS.

How do I load an HTTP URL with App Transport Security enabled in iOS 9?]

See Apple’s Info.plist reference for full details (thanks @gnasher729).

You can add exceptions for specific domains in your Info.plist:

<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>testdomain.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>
<key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
<false/>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<true/>
<key>NSThirdPartyExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>
<key>NSRequiresCertificateTransparency</key>
<false/>
</dict>
</dict>
</dict>

All the keys for each excepted domain are optional. The speaker did not elaborate on any of the keys, but I think they’re all reasonably obvious.

(Source: WWDC 2015 session 703, “Privacy and Your App”, 30:18)

You can also ignore all app transport security restrictions with a single key, if your app has a good reason to do so:

<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>

If your app does not have a good reason, you may risk rejection:

Setting NSAllowsArbitraryLoads to true will allow it to work, but Apple was very clear in that they intend to reject apps who use this flag without a specific reason. The main reason to use NSAllowsArbitraryLoads I can think of would be user created content (link sharing, custom web browser, etc). And in this case, Apple still expects you to include exceptions that enforce the ATS for the URLs you are in control of.

If you do need access to specific URLs that are not served over TLS 1.2, you need to write specific exceptions for those domains, not use NSAllowsArbitraryLoads set to yes. You can find more info in the NSURLSesssion WWDC session.

Please be careful in sharing the NSAllowsArbitraryLoads solution. It is not the recommended fix from Apple.

— kcharwood (thanks @marco-tolman)

air 19 & iOs 9 App Transport Security

you are correct. You have to add these lines to your app's descriptor:

<InfoAdditions>
<![CDATA[
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>yourapiurl.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
</dict>
]]>
</InfoAdditions>

This basically says you want to allow non-secure urls to be called within your app. iOS9 newly requests HTTPS for all api calls.

Full article here: http://htmlspank.tumblr.com/post/130674234457/ioerror-2032-ios9-adobe-air-and-ats



Related Topics



Leave a reply



Submit