No solution for Transport Security?

Question

I have tried all the methods of here for solving the problem of: "Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file."

But if I try for example adding this in my plist file:

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>www.myserver.com</key>
    <dict>
      <!--Include to allow subdomains-->
      <key>NSIncludesSubdomains</key>
      <true/>
      <!--Include to allow HTTP requests-->
      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
      <true/>
      <!--Include to specify minimum TLS version-->
      <key>NSTemporaryExceptionMinimumTLSVersion</key>
      <string>TLSv1.1</string>
    </dict>
  </dict>
</dict>

I get an error:"Unsupported URL", where in this case my link, looks like this:

let url:NSURL = NSURL(string: "www.myserver.com/jsonsignup.php")

But if I would use:

let url:NSURL = NSURL(string: "http://www.myserver.com/jsonsignup.php")

I would get the same error of Transport Security as mentioned above.

Any help?

Try to remove "www." from your server key in the plist file. — Quentin Hayot, Oct 08 '15 at 09:26
Just remove 'Temporary', the keys are now `NSExceptionAllowsInsecureHTTPLoads ` and `NSExceptionMinimumTLSVersion` — Mike Pollard, Oct 08 '15 at 09:38
Possible duplicate of [Transport Security has Blocked a cleartext HTTP](http://stackoverflow.com/questions/31254725/transport-security-has-blocked-a-cleartext-http) — Misha, Oct 08 '15 at 09:50

Skywalker · Accepted Answer · 2015-10-08T09:41:40.343

3

I had the same issue. I tried adding it to info.plist but it did not work for me either. So I tried this and it worked.

Click on your project name in the "Project Navigator" then click on info. And add it there. See highlighted.

Before I tried selecting the plist from my project navigator under supporting files and for some reason it did not work. The above should work for you.

Note: This will allow all connections.

edited Oct 08 '15 at 09:41

answered Oct 08 '15 at 09:34

Skywalker

4,984
16
57
122

this is not the solution, this can be seen as a hack, you enabled any kind of http load, putting your users into the risk – Julian Oct 08 '15 at 12:53
@JulianKról the answer already warns the reader that this will allow all connections. The answers main focus was to show the correct place within xCode where to edit the plist. – Skywalker Oct 08 '15 at 13:14
I know that this will work but it shouldn't be seen as a solution, as it disables extra security benefits provided in iOS 9 – Julian Oct 08 '15 at 13:17
The correct way is adding a list of domains that can be visited; see this blog post http://www.soortapp.com/ios-9-nsapptransportsecurity-tutorial/ – J.Williams Oct 09 '15 at 20:41

Jay Bhalani · Answer 2 · 2015-10-08T12:45:42.780

1

Are you using http://request ? then add following code in your .plist file.

<key>NSAppTransportSecurity</key>
<dict>
  <!--Include to allow all connections (DANGER)-->
  <key>NSAllowsArbitraryLoads</key>
      <true/>
</dict>

I hope it's work for you.

edited Oct 08 '15 at 12:45

answered Oct 08 '15 at 09:28

Jay Bhalani

4,142
8
37
50

No solution for Transport Security?

2 Answers2

Linked