1

Hi everyone. I have strange issue with App Transport Security on ios9 on share extension. Our project has 2 targets, ios project (based on phonegap) and native share extension. On both targets we do non https requests and on both target I have added 

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

to .plist files, so ATS should be turned off. On application it works and I can do non https requests without problems, but on share extension it still blocks my requests **See screenshot here**

Somebody knows how can we fix it?

Lorenzo
  • 3,293
  • 4
  • 29
  • 56
Sergio Promov
  • 103
  • 1
  • 5
  • check this and verify that you have added it properly in the plist or not: http://stackoverflow.com/questions/31254725/transport-security-has-blocked-a-cleartext-http/31254874#31254874 – AP7 Oct 07 '15 at 08:58
  • check this link you can find solution http://stackoverflow.com/a/32599300/5362916 – Uma Madhavi Oct 07 '15 at 09:02
  • I have already read that articles, it does not help me. I need to turn it off, because it does request to different domains. It's turned off, as it explain in specification, but ATS still blocks requests – Sergio Promov Oct 07 '15 at 10:10
  • @SergioPromov save it locally before sharing – Leo Dabus Oct 07 '15 at 10:16
  • It should works without any manual saving images, that is incompatible with UX. Consumer should be able to use extension and after that see item with images in application, without any additional actions like manual saving images, copying urls, etc. The extension should makes it everything instead of consumer, and makes using application more comfortable. Still hope that someone helps me :-) – Sergio Promov Oct 07 '15 at 10:28

1 Answers1

1

You should allow your specific domain first, like this.

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>api.domainname.com</key>
        <dict>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
        <key>dev.domainname.com</key>
        <dict>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>
Thunderbird
  • 687
  • 6
  • 16
  • Thx for answer! I can't do that, because app uploads images form different urls (user should be able to use share extension on any site, form where it downloads images), and most of them non https. I need just turn it off. Any ideas how can I solve it ? – Sergio Promov Oct 07 '15 at 09:59
  • @SergioPromov do you found the solution i got the exact problem like you – bramasta vikana May 13 '23 at 04:28