iOS9 - HTTP Connection Error

Question

I got 3 error when i update my Xcode

1- App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.

2- CFNetwork SSLHandshake failed (-9824)

3- NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)

I tried:

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>yourdomain.com</key>
    <dict>
      <!--Include to allow subdomains-->
      <key>NSIncludesSubdomains</key>
      <true/>
      <!--Include to allow HTTP requests-->
      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
      <true/>
      <!--Include to specify minimum TLS version-->
      <key>NSTemporaryExceptionMinimumTLSVersion</key>
      <string>TLSv1.1</string>
    </dict>
  </dict>
</dict>

and

<key>NSAppTransportSecurity</key>  
 <dict>  
      <key>NSAllowsArbitraryLoads</key><true/>  
 </dict>

But they didn't work. Can anyone help me please! Thank You.

The answer is here: http://stackoverflow.com/a/32912578/4588136 I just entered wrong place the code — Ibrahim BOLAT, Oct 15 '15 at 06:17

score 11 · Accepted Answer · answered Jan 25 '16 at 18:44

11

From Project Navigator click your project's name.

Now, on the right side you' ll see the General Tab of your project.Select the Info Tab Expand the Customs iOS Target Properties Add a new type, Name it as NSAppTransportSecurity, type as Dictionary.It will be convert in this text App Transport Security Settings Inside that add a new item and name it as NSAllowsArbitraryLoads, type as Boolean, value YES.

See this thread on the forums for the further details what apple... Add the entry to info.plist

https://forums.developer.apple.com/message/5857#5857

And refer to Session 711 at WWDC. https://developer.apple.com/videos/wwdc/2015/?id=711

answered Jan 25 '16 at 18:44

umairhhhs

400
6
19

Thanks! You saved my day. – Lucas Feb 06 '16 at 11:32
2

Note that Apple will likely reject apps that use the NSAllowsArbitratyLoads key when submitted to the app store - unless you have a really good reason. It is better to use NSExceptionDomains instead and list all of the domains you want to be exempt from the rule. Here is the link to the app transport security documentation: https://developer.apple.com/library/ios/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW33 – SeanCAtkinson Feb 06 '16 at 14:45
Where is exactly apple say apps will be rejected for that exception? Every app that using one of the ad networks SDKs out there, is obligated to allow ArbitratyLoads. So I am really not sure what your'e saying is true. – DocForNoc Mar 22 '16 at 16:07
@DocForNoc well its a security measure that your app will communicate with just those links that are white listed by you. if we allow all links for production phase too then our app would not be considered as safe and apple might not allow one's app with allow ArbitratyLoads. – umairhhhs Mar 24 '16 at 06:51

score 3 · Answer 2 · edited May 31 '16 at 02:39

3

add to the whitelist

Connect the wrong domain name was added to the whitelist, even if the domain name has been used for https.

edited May 31 '16 at 02:39

thor

21,418
31
87
173

answered May 31 '16 at 02:21

EchoXuan

31
3

please add image in the answer itself – Naman May 31 '16 at 02:30

iOS9 - HTTP Connection Error

2 Answers2

Linked